Off-topic, but speaking of spurring adoption of DNSSEC: does anyone know of any good (dumbed-down) guides on setting up DNSSEC on personal domains / using dnssec-keygen? I keep seeing it mentioned in HN threads as a Good Thing, and I know my registrar supports it, but they have a big warning:
"It is strongly recommended that you do not enable this option unless you have a good understanding of what it is and does: you could easily make your domain name inoperative."
which doesn't exactly inspire confidence, especially since most small website owners (such as myself) really don't have a good understanding of it!
As a small website owner, are you using TLS? That's the biggest single thing you should be doing - don't worry about DNSSEC.
This depends on what you mean by "small", but IMHO, you don't need DNSSEC. Depending on how small/important your website is, you probably don't even need to bother with DNSCurve either, though you might like to for the fun of it.
Thanks for the link; that's actually very informative. My interest in DNSSEC came from reading that it provided a mechanism to securely transmit SSH host key fingerprints, though I'm not sure if there's a better way of doing that.
> As a small website owner, are you using TLS?
Yes, but I don't require it. Just a free certificate from StartSSL.
"It is strongly recommended that you do not enable this option unless you have a good understanding of what it is and does: you could easily make your domain name inoperative."
which doesn't exactly inspire confidence, especially since most small website owners (such as myself) really don't have a good understanding of it!