ergophobe - 9:49 pm on Jan 30, 2013 (gmt 0)

Interesting - just did site: search on some big hosting services and overwhelmingly the search returns no results.

Anyway, this is sort of like DKIM is for email, but DKIM implementation is simple if you have the privileges to edit your zone records. But I don't think it's so simple to implement DNSSEC. Whereas email servers are looking for DKIM and SPF verification, browsers aren't looking for anything except when you access a site with https and the cert can't be validated.

And then there's this based on the huge number of DoS attacks coming through Cloudflare's DNS service:

Ironically, DNSSEC is currently making some DNS reflection attacks worse because of the large amount of data that DNSSEC can return.

[blog.cloudflare.com...]