Page 1 of 1

Consider disabling DNSSEC?

Posted: Sun Feb 23, 2020 12:06 pm
by kevinburkesf
DNSSEC has fallen out of favor recently. It's no longer a recommended standard for federal websites. It has not gained adoption in mainstream browsers. It's also a usability nightmare since you can't show anything to the user when resolution fails. This argument has been made in depth by eg. or

I was wondering if you would consider disabling DNSSEC on the DNS resolvers. This might simplify the configuration, and make those servers more robust.