DNS Matters



Pomp & Circumstance (the root DNS zone graduates to full DNSSEC)

Ed Lewis
Thursday, July 22 2010

Tags: DNSSEC / Root TLD / UltraDNS

Amid quite a lot of hoopla the root DNS zone of the global public Internet "graduated" into full DNSSEC operation on July 15 (give or take a day depending on the timezone). Having been involved with DNSSEC since it was still a DARPA research project in the mid-1990s, I don't know whether I want to be happy to see this (joining in the crowd of folks congratulating each other on a job well done) or just a little cynical that it took so long to get here (joining in with the crowd that fails to see the great accomplishment).

DNSSEC represents a lot of work by a lot of people over a very long time. Even four years ago I began to feel that it had already benefitted the Internet even if DNSSEC never reached adoption. We learned a lot about the DNS during the process of engineering the extensions, fixed a lot of would-be problems and cleaned up the definitional documents (the RFCs) describing DNS.

One of the criticisms I hear today is that DNSSEC is complicated, a poor design. That is one criticism that I believe is not just unfair, but wrong. I know because I have thoroughly gone through, and in places helped create, the design. Adding security to the DNS is not easy, especially given the shape the DNS had gotten into after its first decade of operation. I can understand that people feel DNSSEC is ugly, but the appropriate comeback to such a charge is "it could have been uglier, much uglier."

To me, my feeling about yesterday's events is like a high school graduation. High school graduation is the culmination of a lot of work and there will be some partying, such as the planned events at the next IETF. But, it still is "just" a high school graduation, the future is ahead, there's a lot of life's lessons to be learned and still a long time until the "payoff" will be felt.

The "education" of DNSSEC is not finished (e.g., we still don't know how we will get the DS records into registrars yet), there is very little "time tested" code and tools out there for operators, and many more things to be concerned about. We still have to take on, and then repay, "college loans" before DNSSEC will show a positive economic impact.

DNSSEC deployment is not over. Far from it. Despite the major milestone reached yesterday. Celebrate the accomplishment, eye what can be improved, and let's continue on.

 
