That's cool, ty for that. The only one I put credentials into is Amazon it is unsigned. [1] There probably needs to be a DNSSECv2 .vbis that reduces risk somehow to get more adoption.

[1] - https://dnssec-analyzer.verisignlabs.com/amazon.com