It appears that Michele Neylon - Blacknight via anti-abuse-wg <michele@blacknight.com> said:
-=-=-=-=-=- -=-=-=-=-=-
Serge
Several ccTLD registries have given discounts for DNSSEC.
What is unclear is how many of the domains with DNSSEC enabled are in active use, so the lack of �problems� could be simply down to a complete lack of us / ignorance that the technology was enabled.
My main issue with focus on DNSSEC is that it is seen being a �good use� of resources, so small registries who should invest in other things that are fundamentally more important feel obliged to enable it. There�s also the entire �I�ve got DNSSEC so now my domain / site / service is secure� belief. Much like people who think that smacking an SSL cert on their site magically renders it secure.
It makes sense if you're likely to be a phish target or you're sophisticated enough to use DANE. DNSSEC works pretty well for Comcast. I agree that for random little private domains the benefit is marginal. R's, John