Talk:Domain Name System Security Extensions

This is the talk page for discussing improvements to the Domain Name System Security Extensions article. This is not a forum for general discussion of the article's subject.

Put new text under old text. Click here to start a new topic. New to Wikipedia? Welcome! Learn to edit; get help. Assume good faith Be polite and avoid personal attacks Be welcoming to newcomers Seek dispute resolution if needed Article policies Neutral point of view No original research Verifiability

Find sources: Google (books · news · scholar · free images · WP refs) · FENS · JSTOR · TWL

Archives: 1Auto-archiving period: 12 months

This article is rated C-class on Wikipedia's content assessment scale. It is of interest to the following WikiProjects:

Computing Low‑importance This article is within the scope of WikiProject Computing, a collaborative effort to improve the coverage of computers, computing, and information technology on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.ComputingWikipedia:WikiProject ComputingTemplate:WikiProject ComputingComputing Low This article has been rated as Low-importance on the project's importance scale.

I'd go as far as to call it "malnourished". *When*, for starters, was DNSSEC-bis published? And where (which RFC)? And don't give me any "it's in other parts of the article" crap. An encyclopedia is not for reading completely, it's for finding info you're looking for (*especially* when you split it in sections), so the info one looks for MUST be in the section one reads/scans. — Preceding unsigned comment added by 46.223.163.123 (talk) 03:12, 12 February 2022 (UTC)[reply]

Hi, I didn't find any good information about why this causes technical difficulties but there appears to be a significant difference in how TLDs implement DNSSEC support. This probably should be pointed out somewhere in this article.

For example INWX lists for the TLDs .EU and .DE the DNSSEC support as "Yes (DNSKEY)"[1], but for most other TLDs I checked as "Yes (DS)"[2].

This appears to at least partially align with the TLDs for which e.g. namecheap (not) offers DNSSEC (.africa, .cm, .com.sg, .de, .eu, .nl, .ph, .sg, .so, .to, .com.au, .net.au, .org.au)[3]. All that INWX listed as "Yes (DNSKEY)" are included in this list. (The opposite however is not true, as .africa is listed as "Yes (DS)", so this attempted explanation is most likely still incomplete, or namecheap did not keep that page updated).

When I asked the support of namecheap for the reason behind their lack of DNSSEC support for e.g. the .DE TLD they only stated "the TLD does not support DNSSEC" (in contradiction to their KB article and what denic themselves says). Even when explicitly confronted with their own KB and this statement from denic [4] they didn't further clarify upon that statement. Therefore it sadly is not that easy to work out what exactly the technical difficulty between the supported and not supported ones by them is.

However it is clear that there must be some subtile but significant technical limitation at play.

It would be great if someone would be able to amend this article in this regard. Agowa (talk) 13:40, 12 March 2025 (UTC)[reply]