Sorry - another Newbie Question. I am running the latest version and have now got two Pi Zero W supplying primary and secondary DNS. Working very well indeed. Just installed PADD and noticed DNSSEC disabled is flagged up in red.
Should I enable DNSSEC?
In general, it is a good idea to enable DNSSEC.
It's the only way that you can be sure that a DNS record is authentic.
Currently, it hasn't been fully adopted by all domains, but all root servers and over 90% of tlds sign their records with DNSSEC.
For your specific situation, you should consider testing it.
DNSSEC requires a correct timeframe to operate successfully.
This means DNS resolution will fail if your local time isn't correct, which looks like a loss of Internet connectivity to all your clients.
As RPis lack an on-board battery-backed RTC, they are prone to lagging behind, e.g. after a reboot or a power failure, which may sometimes force you to manual set the correct time in certain conditions.
If you don't regularly reboot your RPi and you've stable power and a good connection to NTP time servers, that problem shouldn't manifest itself often.
You could also consider fitting an external RTC to your RPi. Cheaper modules starting at about 3 EUR (e.g. DS3231) are sufficient.
Many thanks - I will enable it and see how I get on. Is their a reason why it is not enabled by default ?