Thanks everyone for your input!
I've read a dozen or so pages about DANE by now and I'm getting what it is all about (more or less).
I also understand that it adds additional security in a different way than certificates do, and as such I understand the added value.
However, to me it feels a bit like overkill. Does it really add so much security that it is worth the effort? (just thinking out loud)
Anyone want to comment on that? Is it worth it? Does it really make it much safer, compared to just certificate based security?
Yea i write above only with DNSSEC it works .
And there is in my opinion the real problem, DNSSEC was already old before as at this time it is somewhat real world feature.
With risks for you business , and maybe not so much pro's against the risks, extra safe hmm.
some info first read this
https://www.techworld.com/security/...is-about-change-should-we-be-worried-3645538/
Read then this
https://nakedsecurity.sophos.com/2017/10/04/dnssec-master-key-change-delayed-after-isps-struggle/
Then also:
https://nlnetlabs.nl/downloads/publications/dnssec/dnssecnl/secreg-report.pdf
1.1. What DNSSEC is not
A lot of people think DNSSEC will secure the Internet. That it will make an end to script kiddies and other nuisances currently found on the Net. This will not be the case. DNSSEC is designed to do one thing and that is to enable detection of spoofing attacks in the DNS. Other dreams about DNSSEC include use it as a PKI, a public key infrastructure. DNSSEC is not designed for this, and it therefore lacks core PKI operation
so
Hopefully with DNSSEC an increased security awareness will come to the Internet
some forcing to ... but who knows
https://www.theregister.co.uk/2015/...protocol_a_waste_of_everyones_time_and_money/
This is one of the major risks to come on this page
https://ianix.com/pub/dnssec-outages.html
Even for NASA.gov it seems to be to difficukt
https://ianix.com/pub/dnssec-outages/20171007-nasa.gov/
OFTOPIC:::
Lets hope for a better Secure Future, in my opinion also if real security and privacy is and should be so important everybody wanting, then if this is really really trough, this was a non issieu at all. ( knowledge and technics are there also possibilities for a long time). So yes less privacy, but with good rules and laws all checked by IT AI systems they obey and so on. ( No device without 100 % Reconignition, and no one before 100% Reconignized could connect to the SAFEWEB)
Yes if everybody/most want that it is possible.
2 WEBS 1 SAFE and 1 hmm "dark" it is all Politics, and yes everybody a chip under the skin, less crime, only the people with power as Agents and politics governments should be ruled out to have the power over this, it should be a AI on itself driven, so anonymous driven system, only yelling is really something scammy, crimminal persons, company's and so on are detected. ( no-one else should be affected in anyway, and privacy scam as Go.. Ub.. Fa.. TW... AMaZ.. should be ruled out then also)
BUT OK for some parts: country's , regimes there must stay a chance for freedom on the web, somehow i know that to.
You can only make things, and places safe if everybody really wants it. you teach your kids raise them well, school and universities has also the power to do that, starting so while the real future is again as always in the hands of the next generation.
No privacy att all could make the worl a better place, yes but only if the no privacy is engineered so that no-one has better or worse changes in live because of this, so everyone same chances and no one more. (lets say a polution in history some time back for that region, makes people a generation later ill, so health insurance for that people if detected is much higher or not possible, so if they know who lived there.... but if non inequality then such is ok.
Why name it but because of detecting and knowing such mostly cure and medicine is much quicker possible to heal if it is in BIG DATA, so should be a pro and good thing if not hat stupid threatehing inequality was there.
So please POLITICS, real Privacy is for a long time ago already gone, but make the best out of it and protect your people for the BIG data-driven inequality for the future