terry> Thank you Fujiwara-san for doing some repeatable research! It's terry> been over 10 years since your valuable efforts. terry> Perhaps time to redo that with higher fidelity data from all the terry> RSO's? Better yet including data from the global public terry> resolvers? Agree with both kudos and desire for more recent redo of these efforts. ebersman> Resolver operators running antique resolvers or buying into ebersman> all the FUD that validating causes all sorts of failures users ebersman> will scream at them about? terry> I'll take that as a question to investigate.. Seeing if resolver operators are finally past the FUD would be interesting. My guess is that the trailing edge are enterprises/orgs (along with USG/DOD), rather than the large recursive farms or ISPs. The latter mostly have bought into validation. Another interesting question to me is if the growth of mobile devices has made any change in what mobile providers are doing in terms of DNSSEC validation. As for old software, based on my time doing tech support for BIND (when BIND8 was already deprecated but BIND4 was not uncommon enough) and at a large ISP, where the number of 10+ year old versions of DNSMASQ on routers was way too high, I think we all know how long old cruft still sticks around. We're still seeing A6 queries at the root, aren't we? :)