June 10, 2026
DNS? More like D-Not-SEC
Aws.com and google.com don't have DNSSEC enabled
Even the biggest websites skipped this safety feature, and the comments were not shocked
TLDR: A check of major domains found Amazon and Google aren’t using a security system meant to help prove website addresses are real. Commenters weren’t scandalized at all — they said this is normal, rare across the web, and a perfect example of how even big tech skips “important” safety tools.
A tiny internet detective story turned into a full-on "wait, WHAT?" moment when someone checked whether major web giants had turned on DNSSEC — a security feature meant to help prove a website’s address hasn’t been tampered with — and found that aws.com and google.com apparently don’t use it. The original poster clearly expected a glitch, especially after Cloudflare seemed to pass the test. Instead, the real twist came from the crowd: not outrage, but a giant, collective shrug.
The hottest reaction was basically, "Welcome to reality." One commenter bluntly said these companies "never have" used it and claimed fewer than 5% of North American domains do at all, even linking a cheekily named site, dnssecmenot.fly.dev, which sounds like a meme and lands like one too. Another piled on with the brutally simple take: "Almost nobody has DNSSEC enabled." That turned the whole conversation from "Did Amazon and Google mess up?" into "Is this feature basically the gym membership of internet security — good in theory, ignored in practice?"
And that’s where the drama lives: the article frames DNSSEC as an important protection against fake website directions, but the comments make it sound like a niche, unloved tool that even the richest internet empires can’t be bothered to adopt. The vibe wasn’t panic — it was cynical amusement. Less "sound the alarm," more "buddy, the internet has been winging it for years."
Key Points
- •The article centers on DNSSEC lookup results from Verisign’s public DNS WHOIS checker.
- •The author says the checker indicated Amazon.com does not have DNSSEC enabled.
- •The author also checked aws.com and google.com and found the results surprising enough to suspect a tool or client issue.
- •A Cloudflare check appeared to work, which the author took as evidence that the tool was not wholly broken.
- •The post cites AWS documentation and states that without DNSSEC there is no cryptographic proof that DNS records are accurate, creating a risk of attacker-controlled IP responses from DNS cache.