@stepan Well my old nameserver provider / domain registrar supported DNSSEC in one click, but my current one only supports adding an existing DNSSEC key from other authority to the domain record, i e. from Cloudflare or even my old provider.
Now it looks like I have to get back to the nameservers of the old provider with my current registrar to get DNSSEC to work.
@peterbabic Yea, this is for me the must have criteria for my domain registrar. I also don't want to hassle with keys myself on my hobby projects. I just want my provider to have it automated for me as service.
@stepan there's lot of controversy, like clients do not verify it sufficiently or that the big players do not even use it. It is definitely not solving all problems, and it only protects against a few attacks, in my current understanding. Anyway, vďaka za koment
@peterbabic I know, but that's nothing you can change. Using DNSSEC on your side is enough for todays dns technology and standards. If the remote side is not verifing retrived records is remote's side problem. Not yours. 🙂
Štěpán Škorpil's personal Mastodon server - instance of federated social network