How can DNSSEC affect DKIM verification?

Protection benefit:

• DNSSEC ensures DKIM public key is authentic
• Prevents attacker from publishing fake key
• Receiver can trust the public key

Failure risk:

• If DNSSEC is broken, DKIM record lookup fails (SERVFAIL)
• No key available = DKIM verification fails
• DMARC sees DKIM failure

Practical impact:

• Most receivers do not require DNSSEC for DKIM
• But validating resolvers will fail if DNSSEC is misconfigured

Recommendation:

• If using DNSSEC, maintain it properly
• Monitor DNSSEC health alongside authentication
• If your seal system is broken, even legitimate documents cannot be verified.