DNSSEC is much worse than the alternative, which is no zone signing at all. If you screw up your TLS certificate, your site does not vanish off the Internet.
DNSSEC is something I've studied and worked on (I'm one of [I assume] the few people on this site that has built a working implementation of it) for going on two decades right now. Sorry, I have opinions and a position on it, they're informed opinions, and you're going to have to suffer them.
DNSSEC is something I've studied and worked on (I'm one of [I assume] the few people on this site that has built a working implementation of it) for going on two decades right now. Sorry, I have opinions and a position on it, they're informed opinions, and you're going to have to suffer them.