ANSSI Reco-DNS §2.4
DNSSEC fortement recommandé
UnveilScan findings mapped to this control
The scanner emits 1 distinct finding on this control. Click "Scan a domain" below to see which of them currently apply to your site, with copy-paste remediation snippets (nginx, Apache, DNS BIND, web-server config).
dns.no_dnssec
⏱ 4h
DNS — No dnssec
Risk if ignored: An on-path attacker can spoof DNS answers: redirect users to a phishing clone with a valid TLS cert obtained via fraudulent ACME challenges.
security reputational