Dnssec

• This post was co-authored by Peter Thomassen. • The adoption of Domain Name System Security Extensions (DNSSEC), while steadily rising, is still low after 20 years, at least in t

• To prepare for a future where powerful quantum computers exist, many systems using classical cryptography will need to migrate to Post-Quantum Cryptography (PQC). • One such syst

• PQC signatures far larger than ECDSA, causing DNSSEC responses to exceed UDP size limits. • Exceeding UDP limits forces more DNS queries to use TCP, increasing server load. • Rea