[dns-operations] Survey on DNS resolver operations and DNSSEC

Michele Neylon - Blacknight michele at blacknight.com
Mon Mar 21 15:02:05 UTC 2022

I’m checking internally what ours does, but it’s not a “simple” binary question.
We did have it turned on in the past, but doing so meant we couldn’t get email from several organisations we work with as their DNSSEC setup was broken. And of course it took time to realise that we weren’t getting those emails.



Mr Michele Neylon
Blacknight Solutions
Hosting, Colocation & Domains
Intl. +353 (0) 59  9183072
Direct Dial: +353 (0)59 9183090
Personal blog: https://michele.blog/
Some thoughts: https://ceo.hosting/
Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty
Road,Graiguecullen,Carlow,R93 X265,Ireland  Company No.: 370845

From: dns-operations <dns-operations-bounces at dns-oarc.net> on behalf of Peter Thomassen <peter at desec.io>
Date: Monday, 21 March 2022 at 14:50
To: dns-operations at lists.dns-oarc.net <dns-operations at lists.dns-oarc.net>
Subject: Re: [dns-operations] Survey on DNS resolver operations and DNSSEC
[EXTERNAL EMAIL] Please use caution when opening attachments from unrecognised sources.

On 3/21/22 13:19, Bill Woodcock wrote:
> The alternative to DNSSEC validation is man-in-the-middle compromises.  We wouldn’t be doing DNSSEC validation if it caused more workload than man-in-the-middle compromises.  Therefore the increased workload is negative, not positive.

Is that (economic) argument all there is to it? -- If so, wouldn't one expect all resolver operators to do DNSSEC validation? (Validation prevalence is far from 100%.)


Like our community service? 💛
Please consider donating at


deSEC e.V.
Kyffhäuserstr. 5
10781 Berlin

Vorstandsvorsitz: Nils Wisiol
Registergericht: AG Berlin (Charlottenburg) VR 37525
dns-operations mailing list
dns-operations at lists.dns-oarc.net
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20220321/fa39806f/attachment-0001.html>

More information about the dns-operations mailing list