<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<br>
<blockquote type="cite"
cite="mid:acc11419-5aee-65ff-fab5-db6cea700f2e@freenet.de">
<pre class="moz-quote-pre" wrap="">Apparently there seems to be a misunderstanding at my end, e. g. where
is the point of validation if the majority of domains are not signed?</pre>
</blockquote>
<br>
The validation happens at the resolver and the result of the
validation could be relayed to the client, that if the client is
interested to know (poll) the outcome of the validation.<br>
Yet none of the browsers, and probably the majority of other client
applications such as mail clients, lack native support of presenting
the result of the validation to the user.<br>
<br>
<blockquote type="cite"
cite="mid:acc11419-5aee-65ff-fab5-db6cea700f2e@freenet.de">
<pre class="moz-quote-pre" wrap="">In my current (and now updated!) understanding, in all these cases I can
never be sure to actually talk to the web site I wanted to?</pre>
</blockquote>
<br>
True, since DNSSEC validation is not presented by any browser or
other client applications. One could always read the log file of the
resolver, but that is cumbersome, or code an extension for web
browser(s) (or other client applications) since their vendors do not
exhibit any interest to implement DNSSEC validation presentation (as
of today).<br>
<br>
<blockquote type="cite"
cite="mid:acc11419-5aee-65ff-fab5-db6cea700f2e@freenet.de">
<pre class="moz-quote-pre" wrap="">Unbound has opened my eyes in this project so far. It helps me to use
rolling DNS-servers of choice, it encrypts my queries and shows me what
is going on.
My conclusion so far: DNSSEC remains an illusion. Would that be correct?</pre>
</blockquote>
<br>
It is reality, but what is the point of implementing it for a
domain, though I have for mine, if the validation results are not
presented in a meaningful way to clients?<br>
<br>
</body>
</html>