[dns-operations] Survey on DNS resolver operations and DNSSEC

Peter Thomassen peter at desec.io
Mon Mar 21 12:59:08 UTC 2022

On 3/21/22 13:19, Bill Woodcock wrote:
> The alternative to DNSSEC validation is man-in-the-middle compromises.  We wouldn’t be doing DNSSEC validation if it caused more workload than man-in-the-middle compromises.  Therefore the increased workload is negative, not positive.

Is that (economic) argument all there is to it? -- If so, wouldn't one expect all resolver operators to do DNSSEC validation? (Validation prevalence is far from 100%.)


Like our community service? 💛
Please consider donating at


deSEC e.V.
Kyffhäuserstr. 5
10781 Berlin

Vorstandsvorsitz: Nils Wisiol
Registergericht: AG Berlin (Charlottenburg) VR 37525

More information about the dns-operations mailing list