The folks over at CloudFlare published another great article earlier this week, “DNSSEC: Complexities and Considerations” that dives into more detail about some of the challenges of implementing DNSSEC. Specifically, author Nick Sullivan explores the:
- Exposure of DNS zone content through zone-walking
- DNSSEC key management
- DNS reflection/amplification attacks
He dives into the topics in great detail and explains what CloudFlare is planning to do to address each of these issues. I strongly encourage you to check it out!