new | show | ask | jobs Github

tptacek 3 months ago

DNSSEC isn't required by anything, because almost nobody uses it.

▲

ryao 2 months ago | parent [-]

I deploy DNSSEC on all domains I administer.

▲

tptacek 2 months ago | parent [-]

This isn't a contest of two vibes, one pro-DNSSEC and one anti-. You can just download the Tranco list and run a for loop over it checking for DS records. DNSSEC adoption in North America has actually fallen sharply in North America since 2023 (though it's starting to tick back up again) and every chart you'll find shows a pronounced plateauing effect, across all TLDs --- damning because the point at which the plateau flattens is such a low percentage.

▲

ryao 2 months ago | parent [-]

Is that because people are uninformed or just do not care?

	▲	tptacek 2 months ago \| parent [-]
		How about option 3: they care deeply and are making a considered choice.