On Wed, 9 Sep 2009, Patrik Wallstrom wrote: >> Lesson learned: activating DNSSEC validation today is only for >> playing and should not be done in a production environment. > > .SE has been in production mode for the last 2.5 years. I agree that the conclusion that DNSSEC is only for playing is very outdated. > It has been working > very well in Sweden with all the major resolver operators performing DNSSEC > validaion. I would rather say that DLV is not ready for use in a production > environment. What are the Swedish ISP's loading into their resolvers? Just the .se key? Or all the keys from iTAR? Paul