I had a conversation recently on a podcast which explored the requirement, particularly as it relates to DNSSEC. In short: this may be required for PFS against packet capture of contents, TLS sessions, you-name-it, but for the signed state of the DNS, it's very unclear there is a risk here.

The reason it's unclear is that the defensive move by NIST is to maintain the 20-30 year forward secrecy intention. Move now, IN CASE PQC HAPPENS but also in case non Q methods weaken RSA2048. Well, fair enough. But the DNS doesn't have a 20-30 year secrecy requirement: it's a different use case.

OTOH moving to ECC is good because it reduces packet size, but at a cost of moving compute burdens into the client space. Still, it makes sign-at-the-edge easier, and it makes IPv6 DNS work better.