Talk:Domain Name System Security Extensions

This is the talk page for discussing improvements to the Domain Name System Security Extensions article. This is not a forum for general discussion of the article's subject.

Put new text under old text. Click here to start a new topic. New to Wikipedia? Welcome! Learn to edit; get help. Assume good faith Be polite and avoid personal attacks Be welcoming to newcomers Seek dispute resolution if needed Article policies Neutral point of view No original research Verifiability

Find sources: Google (books · news · scholar · free images · WP refs) · FENS · JSTOR · TWL

Archives: 1Auto-archiving period: 12 months

This article is rated C-class on Wikipedia's content assessment scale. It is of interest to the following WikiProjects:

Computing Low‑importance This article is within the scope of WikiProject Computing, a collaborative effort to improve the coverage of computers, computing, and information technology on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.ComputingWikipedia:WikiProject ComputingTemplate:WikiProject ComputingComputing Low This article has been rated as Low-importance on the project's importance scale.

Hi, I didn't find any good information about why this causes technical difficulties but there appears to be a significant difference in how TLDs implement DNSSEC support. This probably should be pointed out somewhere in this article.

For example INWX lists for the TLDs .EU and .DE the DNSSEC support as "Yes (DNSKEY)"[1], but for most other TLDs I checked as "Yes (DS)"[2].

This appears to at least partially align with the TLDs for which e.g. namecheap (not) offers DNSSEC (.africa, .cm, .com.sg, .de, .eu, .nl, .ph, .sg, .so, .to, .com.au, .net.au, .org.au)[3]. All that INWX listed as "Yes (DNSKEY)" are included in this list. (The opposite however is not true, as .africa is listed as "Yes (DS)", so this attempted explanation is most likely still incomplete, or namecheap did not keep that page updated).

When I asked the support of namecheap for the reason behind their lack of DNSSEC support for e.g. the .DE TLD they only stated "the TLD does not support DNSSEC" (in contradiction to their KB article and what denic themselves says). Even when explicitly confronted with their own KB and this statement from denic [4] they didn't further clarify upon that statement. Therefore it sadly is not that easy to work out what exactly the technical difficulty between the supported and not supported ones by them is.

However it is clear that there must be some subtile but significant technical limitation at play.

It would be great if someone was be able to contribute information about these issues. Agowa (talk) 13:40, 12 March 2025 (UTC)[reply]