top | item 24008285 DNSSEC explained: Why you might want to implement it on your domain 19 points| c0r0n3r | 5 years ago |csoonline.com | reply 14 comments order hn newest [+] [-] SimeVidas|5 years ago|reply I’m a simple man. Website shows fullscreen popup that interrupts me and also scrolls the page to the top. I close the tab. [+] [-] anatolinicolae|5 years ago|reply same. load replies (1) [+] [-] brightball|5 years ago|reply Would be a worthwhile article to read if it wasn't pay walled. [+] [-] MayeulC|5 years ago|reply The article is behind a paywall, but more to the point: why wouldn't I want this?It's opt-in at every registrar I've used, although it seems like a no-brainer to me? What am I missing?As an aside, I like DoH, but dislike the fact that my web browsers then don't use /etc/hosts. Is there a way to provide it at the system level? [+] [-] jessaustin|5 years ago|reply HN's resident DNSSEC critic, 'tptacek, has written extensively on this topic:https://sockpuppet.org/blog/2015/01/15/against-dnssec/https://sockpuppet.org/stuff/dnssec-qa.htmlhttps://sockpuppet.org/blog/2016/10/27/14-dns-nerds-dont-con... load replies (1) [+] [-] andreareina|5 years ago|reply Native system-wide DoH seems to be coming to windows 10[1]. For *nix there's unbound[2] which does DoT[LS] and cloudflared[3].[1] https://techcommunity.microsoft.com/t5/networking-blog/windo...[2] https://nlnetlabs.nl/projects/unbound/about/[3] https://developers.cloudflare.com/1.1.1.1/dns-over-https/clo... [+] [-] xythian|5 years ago|reply I'd love to know why some of the major companies of the internet aren't using DNSSEC.Google, Amazon, Facebook, Twitter, Microsoft, Netflix, etc. don't have DNSSEC enabled for their domains.Is it as simple as they're just concerned about the occasional DNS request failing to do DNSSEC issues and thus reducing precious traffic? load replies (1) [+] [-] Whatarethese|5 years ago|reply Can anyone put this on pastebin or something? Paywalled.
[+] [-] SimeVidas|5 years ago|reply I’m a simple man. Website shows fullscreen popup that interrupts me and also scrolls the page to the top. I close the tab. [+] [-] anatolinicolae|5 years ago|reply same. load replies (1)
[+] [-] MayeulC|5 years ago|reply The article is behind a paywall, but more to the point: why wouldn't I want this?It's opt-in at every registrar I've used, although it seems like a no-brainer to me? What am I missing?As an aside, I like DoH, but dislike the fact that my web browsers then don't use /etc/hosts. Is there a way to provide it at the system level? [+] [-] jessaustin|5 years ago|reply HN's resident DNSSEC critic, 'tptacek, has written extensively on this topic:https://sockpuppet.org/blog/2015/01/15/against-dnssec/https://sockpuppet.org/stuff/dnssec-qa.htmlhttps://sockpuppet.org/blog/2016/10/27/14-dns-nerds-dont-con... load replies (1) [+] [-] andreareina|5 years ago|reply Native system-wide DoH seems to be coming to windows 10[1]. For *nix there's unbound[2] which does DoT[LS] and cloudflared[3].[1] https://techcommunity.microsoft.com/t5/networking-blog/windo...[2] https://nlnetlabs.nl/projects/unbound/about/[3] https://developers.cloudflare.com/1.1.1.1/dns-over-https/clo... [+] [-] xythian|5 years ago|reply I'd love to know why some of the major companies of the internet aren't using DNSSEC.Google, Amazon, Facebook, Twitter, Microsoft, Netflix, etc. don't have DNSSEC enabled for their domains.Is it as simple as they're just concerned about the occasional DNS request failing to do DNSSEC issues and thus reducing precious traffic? load replies (1)
[+] [-] jessaustin|5 years ago|reply HN's resident DNSSEC critic, 'tptacek, has written extensively on this topic:https://sockpuppet.org/blog/2015/01/15/against-dnssec/https://sockpuppet.org/stuff/dnssec-qa.htmlhttps://sockpuppet.org/blog/2016/10/27/14-dns-nerds-dont-con... load replies (1)
[+] [-] andreareina|5 years ago|reply Native system-wide DoH seems to be coming to windows 10[1]. For *nix there's unbound[2] which does DoT[LS] and cloudflared[3].[1] https://techcommunity.microsoft.com/t5/networking-blog/windo...[2] https://nlnetlabs.nl/projects/unbound/about/[3] https://developers.cloudflare.com/1.1.1.1/dns-over-https/clo...
[+] [-] xythian|5 years ago|reply I'd love to know why some of the major companies of the internet aren't using DNSSEC.Google, Amazon, Facebook, Twitter, Microsoft, Netflix, etc. don't have DNSSEC enabled for their domains.Is it as simple as they're just concerned about the occasional DNS request failing to do DNSSEC issues and thus reducing precious traffic? load replies (1)
[+] [-] SimeVidas|5 years ago|reply
[+] [-] anatolinicolae|5 years ago|reply
[+] [-] brightball|5 years ago|reply
[+] [-] MayeulC|5 years ago|reply
It's opt-in at every registrar I've used, although it seems like a no-brainer to me? What am I missing?
As an aside, I like DoH, but dislike the fact that my web browsers then don't use /etc/hosts. Is there a way to provide it at the system level?
[+] [-] jessaustin|5 years ago|reply
https://sockpuppet.org/blog/2015/01/15/against-dnssec/
https://sockpuppet.org/stuff/dnssec-qa.html
https://sockpuppet.org/blog/2016/10/27/14-dns-nerds-dont-con...
[+] [-] andreareina|5 years ago|reply
[1] https://techcommunity.microsoft.com/t5/networking-blog/windo...
[2] https://nlnetlabs.nl/projects/unbound/about/
[3] https://developers.cloudflare.com/1.1.1.1/dns-over-https/clo...
[+] [-] xythian|5 years ago|reply
Google, Amazon, Facebook, Twitter, Microsoft, Netflix, etc. don't have DNSSEC enabled for their domains.
Is it as simple as they're just concerned about the occasional DNS request failing to do DNSSEC issues and thus reducing precious traffic?
[+] [-] Whatarethese|5 years ago|reply