I don't even enable DNSSEC in Unbound. There just isn't enough adoption yet for me to feel like I am missing out on something, yet.
reply"Cloudflare Radar data shows 8.11% of domains are signed with DNSSEC, but only 0.47% of queries are validated end-to-end." [1]
Zones I may care about:
- Amazon.com: unsigned
- My banks: unsigned
- Hacker News: unsigned
- Email that I do not host: unsigned
- My power companies billing: unsigned
- I found some! id.me and irs.gov are signed.
The Tranco list is an academic research project to generate a "top N zones" list. Here's the portion of the top 1000 that is signed:
replyThat's cool, ty for that. The only one I put credentials into is Amazon it is unsigned. [1] There probably needs to be a DNSSECv2 .vbis that reduces risk somehow to get more adoption.
replyJust before the outage happened I updated multiple client servers. That was a very stressfull hour trying to figure out why nothing works.
replySAMEEEEE !!!
replySame haha
reply