Live Roundups Editor's Desk Insights Executive Ops Weather About 🔍
Home Technology Aws.com and google.com don't have DNSSEC enabled
Technology

Aws.com and google.com don't have DNSSEC enabled

Hacker News Wednesday 10 June 2026, 23:57 UTC By moquilabs 1 min read
Key Points

I was looking at verisign's public dns whois checker and I got this crazy result. Amazon.com doesn't have dnssec enabled. # To verify run: ~ ❯ delv amazon.com ; unsigned answer amazon.com.

I was looking at verisign's public dns whois checker and I got this crazy result. Amazon.com doesn't have dnssec enabled. # To verify run: ~ ❯ delv amazon.com ; unsigned answer amazon.com. 2 IN A 98.82.161.185 amazon.com. 2 IN A 98.87.170.71 amazon.com. 2 IN A 98.87.170.74 Surely aws.com has it enabled? ~ ❯ delv aws.com ; unsigned answer aws.com. 59 IN A 143.204.142.107 aws.com. 59 IN A 143.204.142.125 aws.com. 59 IN A 143.204.142.53 aws.com. 59 IN A 143.204.142.119 Okay google.com has it enabled: ~ ❯ delv google.com ; unsigned answer google.com. 141 IN A 173.194.42.101 google.com. 141 IN A 173.194.42.113 google.com. 141 IN A 173.194.42.102 google.com. 141 IN A 173.194.42.138 google.com. 141 IN A 173.194.42.100 google.com. 141 IN A 173.194.42.139 Okay there's something seriously wrong, this tool is broken, or my client is wrong. what about cloudflare: ~ ❯ delv cloudflare.com ; fully validated cloudflare.com. 134 IN A 104.16.132.229 cloudflare.com. 134 IN A 104.16.133.229 cloudflare.com. 134 IN RRSIG A 13 2 300 20260612003424 20260609223424 34505 cloudflare.com. bK9MssAMDa7/6dM0CJ0tRYisBorQ8vaDDWrhyvvzJjO7qp6ogft0eUdy c22Loq0Lw172ClsPmz2CWW5WLBMWfQ== So it's not my tool because cloudflare is working. Can someone please explain what is happening? AWS themselves has an article about this. With no dnssec, there is no way to cryptographically prove that the DNS records are accurate, so DNS server's cache could return an attacker IP. Checkout https://moquilabs.com
DNSSEC (ORG) verisign (ORG) dns (ORG) Amazon.com (ORG) google.com (ORG) AWS (ORG)
Originally published by Hacker News Read original →

Related Stories

Air India Crash Report to Miss One-Year Deadline With Engine Probe Pending

Aircraft debris at the crash site of Air India flight AI171 in Ahmedabad, Gujarat in June 2025. Siddharaj Solanki/Bloomberg

Bloomberg Technology 1h ago

I was tired of repos that say they run but don't

The honest Run Button for repos — with proof, not vibes. bootproof up https://github.com/dubinc/dub Remote source: https://github.com/dubinc/dub.git Clone retained at: .bootproof/remotes/github.com/dubinc/dub-*/repo Inference (evidence-based) application: yes package manager: pnpm.15.9 selected command: pnpm dev ✗ NOT VERIFIED — remote_code_execution_blocked Why BootProof refused: remote repositories are untrusted code and require explicit consent.

Hacker News 1h ago

AI agent runs amok in Fedora and elsewhere

AI agent runs amok in Fedora and elsewhere [LWN subscriber-only content] Agentic AI systems can be used to do a variety of things autonomously on behalf of a human user: open or manage bugs, generate code, submit pull-requests, and (apparently) even complain about rejection. In May, a Fedora developer discovered that an allegedly rogue agent had been pestering the project in a number of ways: reassigning bugs, fabricating unhelpful replies to bugs, and even persuading maintainers to merge...

Hacker News 1h ago

Bluesky is getting ‘communities’

Bluesky will be getting "communities," which will function as smaller spaces where you can "go deeper and hang out with people who care about the same stuff" sometime this year, according to head of product Alex Benzer. They will be built on the decentralized AT Protocol that underpins Bluesky, with Benzer saying that "it's a new structure for everyone" that's part of the "Atmosphere" (a shorthand for the AT Protocol ecosystem). Benzer listed out a "few ideas we have in mind so far" in a thread.

The Verge 1h ago