snowtigger (204757) writes "Google’s Public DNS service, behind the well-known 126.96.36.199 and 188.8.131.52 IP addresses, now supports DNSSEC validation. Previously, the service accepted and forwarded DNSSEC-formatted messages but did not perform validation.
Effective deployment of DNSSEC requires action from both DNS resolvers and authoritative name servers. Resolvers, especially those of ISPs and other public resolvers, need to start validating DNS responses. Meanwhile, domain owners have to sign their domains. Today, about 1/3 of top-level domains have been signed, but most second-level domains remain unsigned. From the daily 130 billion DNS queries the service receives, only 7% of queries from the client side are DNSSEC-enabled (about 3% requesting validation and 4% requesting DNSSEC data but no validation) and about 1% of DNS responses from the name server side are signed."
Link to Original Source