4

I own a domain name via Google Domains and my website is hosted as a shared account with DreamHost. I see that both provide DNSSEC vs old DNS. I was thinking of enabling it.

But before I do so, I was wondering what the downsides of enabling DNSSEC for your website are, if any?

c00000fd

1 Answer

2

If you enable DNSSEC, for most clients it's a no-op, as they are highly unlikely to verify the signatures, etc.

Yet, for those who do verify, enabling DNSSEC for the domain is somewhat of a one-way road. I don't know the provider you mention, but in order to transfer such a domain to a different 3rd party DNS service, you would need both:

  • support at the old vendor to extract the private keys,
  • support at the new vendor to import external private keys.

Otherwise your DNSSEC-enabled clients will see faults with domain name lookups in the transition period.

Patrick Mevzek
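The transition fault mentioned in the answer can be seen in how a validating resolver links the DS record held at the parent zone to the DNSKEY the zone itself serves. The following is an added example, not part of the original post: the zone name, key bytes and the helper `chain_intact` are constructed placeholders, and only the DS-to-DNSKEY link (RFC 4034) is modelled, not RRSIG verification.

```python
import hashlib
import struct

def name_to_wire(name: str) -> bytes:
    """Canonical (lowercase) DNS wire form of an owner name."""
    labels = [l for l in name.lower().split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def dnskey_rdata(flags: int, algorithm: int, public_key: bytes) -> bytes:
    """DNSKEY RDATA: flags(2) | protocol(1, always 3) | algorithm(1) | key."""
    return struct.pack("!HBB", flags, 3, algorithm) + public_key

def key_tag(rdata: bytes) -> int:
    """Key tag as defined in RFC 4034 Appendix B."""
    acc = 0
    for i, byte in enumerate(rdata):
        acc += byte if i & 1 else byte << 8
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF

def ds_digest(owner: str, rdata: bytes) -> str:
    """DS digest type 2: SHA-256(owner name | DNSKEY RDATA)."""
    return hashlib.sha256(name_to_wire(owner) + rdata).hexdigest()

def chain_intact(owner, parent_ds, served_keys):
    """True if a DNSKEY served by the zone matches the (tag, digest) DS at the parent."""
    return any((key_tag(k), ds_digest(owner, k)) == parent_ds for k in served_keys)

# Constructed sample data: placeholder key bytes, not real keys.
ZONE = "example.com."
OLD_KSK = dnskey_rdata(257, 13, bytes(range(64)))         # key held by the old DNS provider
NEW_KSK = dnskey_rdata(257, 13, bytes(range(64, 128)))    # key generated by the new provider
PARENT_DS = (key_tag(OLD_KSK), ds_digest(ZONE, OLD_KSK))  # DS still published by the registry

if __name__ == "__main__":
    # Before the move: the DS matches the served key, validation can proceed.
    print("before move:        ", chain_intact(ZONE, PARENT_DS, [OLD_KSK]))
    # Moved, new provider serves only its own key, DS unchanged: validators fail.
    print("moved, new key only:", chain_intact(ZONE, PARENT_DS, [NEW_KSK]))
    # Moved, old key carried over to the new provider: the chain still holds.
    print("moved, key imported:", chain_intact(ZONE, PARENT_DS, [NEW_KSK, OLD_KSK]))
```

Non-validating clients never perform this comparison, which is why they see no difference in any of the three cases.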