Ron Aitchison writes he “was talking to my good friend Verner Entwhistle the other day when he suddenly turned to me and said ‘I don’t think we need DNSSEC’. Sharp intake of breath. Transpired after a long and involved discussion his case boiled down to four points: 1. SSL provides known and trusted security, DNSSEC is superfluous, 2. DNSSEC is complex and potentially prone to errors, 3. DNSSEC makes DoS attacks worse, 4. DNSSEC does not solve the last mile problem. Let’s take them one at a time.”
To read the rest of Ron’s article, see http://www.circleid.com/posts/070814_case_against_dnssec/