Hacker News
by tedivm 3309 days ago
I'm curious if they're using DNSSEC at all. I notice they're using Dynect for this, and in my experience DNSSEC and Dyn do not get along (unless you're not using any of their special features like geotargeting), so I'm interested in hearing how they've managed to get all that working.
2 comments

I'm curious why people ask about DNSSEC support. None of the major browsers support validating it.

Even to validate the DNSSEC records by yourself, there is only a single website available[1] (which doesn't even have TLS). I want DNSSEC to catch up, but adoption level is a joke.

[1]:http://dnsviz.net

You're not limited to just browsers, and a perfect use-case for dnssec would be in combination with sshfp records for ssh, incidentally something GitHub heavily relies on, and where support is much better.

Adoption is slow, nobody argues there, but when you've set it up and have routines for rolling keys it's more or less self-maintained.

Google public DNS will return servfail if validation fails, which is a step in the right direction.

There are plenty of tools to validate dnssec, even with TLS [0]. But I'm not sure why you would need a webpage to do it. You can easily grab the root keys and validate the whole chain using dig on your own computer.

[0] https://dnssec-debugger.verisignlabs.com/

$ dig +dnssec github.com will give the answer and the answer is NO.
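The thread mentions checking DNSSEC yourself with `dig` and that a validating resolver such as Google Public DNS answers SERVFAIL when validation fails. As an added example that is not part of the thread, this script classifies saved output from `dig +dnssec NAME` and `dig +dnssec +cdflag NAME` against a validating resolver. The `classify` function and all sample responses are constructed for illustration.

```shell
#!/bin/sh
# Added example: interpret dig output from a validating resolver.
# Sample headers below are constructed, not captured from a real query.

SECURE=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1001
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1'

UNSIGNED=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1002
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1'

FAIL=';; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 1003
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1'

# Same name as FAIL, re-queried with +cdflag (checking disabled).
CD_OK=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1004
;; flags: qr rd ra cd; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1'

# classify NORMAL_RESPONSE CD_RESPONSE
#   secure           resolver validated the answer (AD flag set)
#   unvalidated      answer returned but not authenticated (no AD flag);
#                    RRSIGs in the answer alone do not prove validation
#   bogus            SERVFAIL normally, NOERROR with checking disabled:
#                    the data exists but failed DNSSEC validation
#   resolver-failure SERVFAIL either way: not a DNSSEC-specific problem
classify() {
    status=$(printf '%s\n' "$1" | sed -n 's/.*status: \([A-Z]*\),.*/\1/p')
    flags=$(printf '%s\n' "$1" | sed -n 's/^;; flags: \([a-z ]*\);.*/\1/p')
    cd_status=$(printf '%s\n' "$2" | sed -n 's/.*status: \([A-Z]*\),.*/\1/p')
    case "$status" in
        NOERROR)
            case " $flags " in
                *" ad "*) echo secure ;;
                *)        echo unvalidated ;;
            esac ;;
        SERVFAIL)
            if [ "$cd_status" = NOERROR ]; then
                echo bogus
            else
                echo resolver-failure
            fi ;;
        *) echo other ;;
    esac
}

classify "$SECURE" "$SECURE"
classify "$UNSIGNED" "$UNSIGNED"
classify "$FAIL" "$CD_OK"
```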