
<html xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">


<head>


<meta http-equiv="Content-Type" content="text/html; charset=utf-8">


<meta name="Generator" content="Microsoft Word 15 (filtered medium)">


<style><!--


/* Font Definitions */


@font-face


        {font-family:"Cambria Math";


        panose-1:2 4 5 3 5 4 6 3 2 4;}


@font-face


        {font-family:Calibri;


        panose-1:2 15 5 2 2 2 4 3 2 4;}


@font-face


        {font-family:"Apple Color Emoji";


        panose-1:0 0 0 0 0 0 0 0 0 0;}


@font-face


        {font-family:-webkit-standard;


        panose-1:2 11 6 4 2 2 2 2 2 4;}


/* Style Definitions */


p.MsoNormal, li.MsoNormal, div.MsoNormal


        {margin:0cm;


        font-size:10.0pt;


        font-family:"Calibri",sans-serif;}


a:link, span.MsoHyperlink


        {mso-style-priority:99;


        color:blue;


        text-decoration:underline;}


span.EmailStyle19


        {mso-style-type:personal-reply;


        font-family:"Calibri",sans-serif;


        color:windowtext;}


.MsoChpDefault


        {mso-style-type:export-only;


        font-size:10.0pt;}


@page WordSection1


        {size:612.0pt 792.0pt;


        margin:72.0pt 72.0pt 72.0pt 72.0pt;}


div.WordSection1


        {page:WordSection1;}


--></style>


</head>


<body lang="EN-IE" link="blue" vlink="purple" style="word-wrap:break-word">


<div class="WordSection1">


<p class="MsoNormal"><span style="font-size:11.0pt;mso-fareast-language:EN-US">I’m checking internally what ours does, but it’s not a “simple” binary question.<o:p></o:p></span></p>


<p class="MsoNormal"><span style="font-size:11.0pt;mso-fareast-language:EN-US">We did have it turned on in the past, but doing so meant we couldn’t get email from several organisations we work with as their DNSSEC setup was broken. And of course it took time


 to realise that we weren’t getting those emails.<o:p></o:p></span></p>


<p class="MsoNormal"><span style="font-size:11.0pt;mso-fareast-language:EN-US"><o:p> </o:p></span></p>


<p class="MsoNormal"><span style="font-size:11.0pt;mso-fareast-language:EN-US">Regards<o:p></o:p></span></p>


<p class="MsoNormal"><span style="font-size:11.0pt;mso-fareast-language:EN-US"><o:p> </o:p></span></p>


<p class="MsoNormal"><span style="font-size:11.0pt;mso-fareast-language:EN-US">Michele<o:p></o:p></span></p>


<p class="MsoNormal"><span style="font-size:11.0pt;mso-fareast-language:EN-US"><o:p> </o:p></span></p>


<p class="MsoNormal"><span style="font-size:11.0pt;mso-fareast-language:EN-US"><o:p> </o:p></span></p>


<div>


<p class="MsoNormal"><span style="font-size:11.0pt;font-family:-webkit-standard;color:black">--<o:p></o:p></span></p>


<p class="MsoNormal"><span style="font-size:11.0pt;font-family:-webkit-standard;color:black">Mr Michele Neylon<o:p></o:p></span></p>


<p class="MsoNormal"><span style="font-size:11.0pt;font-family:-webkit-standard;color:black">Blacknight Solutions<o:p></o:p></span></p>


<p class="MsoNormal"><span style="font-size:11.0pt;font-family:-webkit-standard;color:black">Hosting, Colocation & Domains<o:p></o:p></span></p>


<p class="MsoNormal"><span style="font-size:11.0pt;font-family:-webkit-standard;color:black"><a href="https://www.blacknight.com/"><span style="color:#0563C1">https://www.blacknight.com/</span></a><o:p></o:p></span></p>


<p class="MsoNormal"><span style="font-size:11.0pt;font-family:-webkit-standard;color:black"><a href="https://blacknight.blog/"><span style="color:#0563C1">https://blacknight.blog/</span></a><o:p></o:p></span></p>


<p class="MsoNormal"><span style="font-size:11.0pt;font-family:-webkit-standard;color:black">Intl. +353 (0) 59  9183072<o:p></o:p></span></p>


<p class="MsoNormal"><span style="font-size:11.0pt;font-family:-webkit-standard;color:black">Direct Dial: +353 (0)59 9183090<o:p></o:p></span></p>


<p class="MsoNormal"><span style="font-size:11.0pt;font-family:-webkit-standard;color:black">Personal blog: <a href="https://michele.blog/"><span style="color:#0563C1">https://michele.blog/</span></a><o:p></o:p></span></p>


<p class="MsoNormal"><span style="font-size:11.0pt;font-family:-webkit-standard;color:black">Some thoughts: <a href="https://ceo.hosting/"><span style="color:#0563C1">https://ceo.hosting/</span></a><o:p></o:p></span></p>


<p class="MsoNormal"><span style="font-size:11.0pt;font-family:-webkit-standard;color:black">-------------------------------<o:p></o:p></span></p>


<p class="MsoNormal"><span style="font-size:11.0pt;font-family:-webkit-standard;color:black">Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty<o:p></o:p></span></p>


<p class="MsoNormal"><span style="font-size:11.0pt;font-family:-webkit-standard;color:black">Road,Graiguecullen,Carlow,R93 X265,Ireland  Company No.: 370845<o:p></o:p></span></p>


</div>


<p class="MsoNormal"><span style="font-size:11.0pt;mso-fareast-language:EN-US"><o:p> </o:p></span></p>


<p class="MsoNormal"><span style="font-size:11.0pt;mso-fareast-language:EN-US"><o:p> </o:p></span></p>


<div style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0cm 0cm 0cm">


<p class="MsoNormal" style="margin-bottom:12.0pt"><b><span style="font-size:12.0pt;color:black">From:


</span></b><span style="font-size:12.0pt;color:black">dns-operations <dns-operations-bounces@dns-oarc.net> on behalf of Peter Thomassen <peter@desec.io><br>


<b>Date: </b>Monday, 21 March 2022 at 14:50<br>


<b>To: </b>dns-operations@lists.dns-oarc.net <dns-operations@lists.dns-oarc.net><br>


<b>Subject: </b>Re: [dns-operations] Survey on DNS resolver operations and DNSSEC<o:p></o:p></span></p>


</div>


<div>


<p class="MsoNormal"><span style="font-size:11.0pt">[EXTERNAL EMAIL] Please use caution when opening attachments from unrecognised sources.<br>


<br>


On 3/21/22 13:19, Bill Woodcock wrote:<br>


> The alternative to DNSSEC validation is man-in-the-middle compromises.  We wouldn’t be doing DNSSEC validation if it caused more workload than man-in-the-middle compromises.  Therefore the increased workload is negative, not positive.<br>


<br>


Is that (economic) argument all there is to it? -- If so, wouldn't one expect all resolver operators to do DNSSEC validation? (Validation prevalence is far from 100%.)<br>


<br>


Best,<br>


Peter<br>


<br>


<br>


--<br>


Like our community service? </span><span style="font-size:11.0pt;font-family:"Apple Color Emoji"">💛</span><span style="font-size:11.0pt"><br>


Please consider donating at<br>


<br>


<a href="https://desec.io/">https://desec.io/</a><br>


<br>


deSEC e.V.<br>


Kyffhäuserstr. 5<br>


10781 Berlin<br>


Germany<br>


<br>


Vorstandsvorsitz: Nils Wisiol<br>


Registergericht: AG Berlin (Charlottenburg) VR 37525<br>


_______________________________________________<br>


dns-operations mailing list<br>


dns-operations@lists.dns-oarc.net<br>


<a href="https://lists.dns-oarc.net/mailman/listinfo/dns-operations">https://lists.dns-oarc.net/mailman/listinfo/dns-operations</a><o:p></o:p></span></p>


</div>


</div>


</body>


</html>