Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open Q / Discussion: DNSSEC-Signed requests receiving prioritization #1819

Closed
dnsguru opened this issue Aug 4, 2023 · 3 comments
Closed
Labels
non .dat Change or Coding Review Alteration to code/automation or publicsuffix.org site ❔❔ question Open question, please look / answer / respond 🚩🚩🚩Want Browser Feedback 🚩🚩🚩 Topics that would benefit from input of Browser dev

Comments

@dnsguru
Copy link
Member

dnsguru commented Aug 4, 2023

In some of the feedback to #1813 that has come to me conversationally, one suggestion was to make DNSSEC signature of the eTLD+ be mandatory.

The benefits of the integrity of resolutions that DNSSEC are fairly great, though adoption is below what one would hope. Probably related to the adoption is the friction/complexity to implementing it.

So perhaps making it mandatory is a bit unrealistic, but what might be a good idea would be to attract use of DNSSEC being in place to add safety/integrity, and as we automate SOA/TXT automation for the review process, also scan for DNSSEC records being present, and let those with DNSSEC jump ahead in priority of processing.

Would like to see some community feedback on this.

@dnsguru dnsguru added ❔❔ question Open question, please look / answer / respond non .dat Change or Coding Review Alteration to code/automation or publicsuffix.org site 🚩🚩🚩Want Browser Feedback 🚩🚩🚩 Topics that would benefit from input of Browser dev labels Aug 4, 2023
@dnsguru
Copy link
Member Author

dnsguru commented Aug 4, 2023

The thinking here would be to add something like this into the DNS scanning automation specifications that are being discussed

@groundcat groundcat mentioned this issue Sep 6, 2023
@simon-friedberger
Copy link
Contributor

I doubt this would actually improve the adoption of DNSSEC a lot. The PSL just isn't that big. Plus, we are not slow enough that prioritization would make a meaningful difference.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
non .dat Change or Coding Review Alteration to code/automation or publicsuffix.org site ❔❔ question Open question, please look / answer / respond 🚩🚩🚩Want Browser Feedback 🚩🚩🚩 Topics that would benefit from input of Browser dev
Projects
None yet
Development

No branches or pull requests

2 participants