2Eki
Why aren’t any Google’s domains DNSSEC signed?
While I was debugging something, I noticed that none of Google’s products domains (google.com, gmail.com, googleapis.com, gstatic.com…) are DNSSEC-signed.
It seems that Google offer an unofficial DNSSEC-signed MX records for their Google Workspace customers under the smtp.goog domain, but they are nor documented or officially supported.
I find this a bit surprising as they handle probably billions of DNS requests everyday and are subject to many DNS-related attacks.
Is there a reason for not deploying DNSSEC at this scale?
