|
|
|
|
|
|
by ktta
3309 days ago
|
|
|
I'm curious why people ask about DNSSEC support. None of the major browsers support validating it. Even to validate the DNSSEC records by yourself, there is only a single website available[1] (which doesn't even have TLS). I want DNSSEC to catch up, but adoption level is a joke. [1]:http://dnsviz.net |
|
|
Adoption is slow, nobody argues there, but when you've set it up and have routines for rolling keys it's more or less self-maintained.
Google public DNS will return servfail if validation fails, which is a step in the right direction.
There are plenty of tools to validate dnssec, even with TLS [0]. But I'm not sure why you would need a webpage to do it. You can easily grab the root keys and validate the whole chain using dig on your own computer.
[0] https://dnssec-debugger.verisignlabs.com/