Hi.
I’m not sure I understand the purpose of desec. Probably because I’m getting DNSSEC wrong.
To use desec as DNS my domain provider needs to support DS records in his DNS. In that DNS record I add desecs signing key. Only changing NS records would break DNSSEC’s chain of trust.
However, once my domain provider supports DS records they also support DNSSEC. So what’s the advantage of adding desec? I thought its main mission is to proliferate DNSSEC usage. It makes no sense, to already have a DNSSEC Nameserver just to get a second DNSSEC enabled Nameserver.