[menog] New Report on "State of DNSSEC Deployment 2016" Shows Continued Growth

Fahd Batayneh fahd.batayneh at icann.org
Sun Jan 15 17:30:56 UTC 2017




Did you know that over 50% of .CZ domains are now signed with DNS Security
Extensions (DNSSEC)? Or that over 2.5 million .NL domains and almost 1
million .BR domains are now DNSSEC-signed? Were you aware that around 80% of
DNS clients are now requesting DNSSEC signatures in their DNS queries? And
did you know that over 100,000 email domains are using DNSSEC and DANE to
enable secure email between servers?


These facts and many more are available in a new report published by the
Internet Society: State of DNSSEC Deployment 2016


While many separate sites provide DNSSEC statistics
<http://www.internetsociety.org/deploy360/dnssec/statistics/> , this report
collects the information into a series of tables and charts that paint an
overall picture of the state of DNSSEC deployment as of December 2016.


As the report indicates, there has been steady and strong growth in both the
statistics around DNSSEC signing and validation - and also in the number of
tools and libraries available to support DNSSEC. It also discusses the
growth of DANE usage (DNS-based Authentication of Named Entities),
particularly for securing email communication.


That growth, though, is not evenly distributed.


In some parts of the world, particularly in Europe, there is solid growth in
both DNSSEC signing and validation. In other parts of the world, the numbers
are significantly lower.


Similarly, while some country-code top-level-domains (ccTLDs) such as .CZ,
.SE, .NL and .BR are seeing high levels of DNSSEC signing of second-level
domains, other ccTLDs are just beginning to see DNSSEC-signed domains. And
among the other TLDs, some such as .GOV have almost 90% of their
second-level domains signed, while .COM has under 1% signed.


The report dives into all this and more. Beyond statistics, the document
explores some of the current challenges to deployment of DNSSEC and provides
a case study. It also includes many links to further resources for more
exploration. Creating a report of this level involves a great number of
people. I'd like to thank all the members of the DNS / DNSSEC community who
provided data, reviews, proofreading and other support.


Our intent is that this will be an annual report where we can look back and
see what has changed year-over-year. Our target now is for the 2017 report
to be delivered at the DNSSEC Workshop at ICANN 100 in November. To that
end, I would definitely welcome any comments people have about what is in
the report and what people find useful and helpful. I'd also welcome
comments about anything we may have missed. 
Please do read and share this report widely
<https://www.internetsociety.org/doc/state-dnssec-deployment-2016> . We'd
like people to understand the current state of DNSSEC deployment - and how
we can work together to accelerate that progress. On that note, if you want
to get started with DNSSEC for your own network or domains, many resources
are available to help <http://www.internetsociety.org/deploy360/start/> .


P.S. an audio commentary is also available
<https://soundcloud.com/danyork/tdyr-320-the-state-of-dnssec>  on this topic
for those interested in listening to me talk about this topic.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.menog.org/pipermail/menog/attachments/20170115/9256710b/attachment.html 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5155 bytes
Desc: not available
Url : http://lists.menog.org/pipermail/menog/attachments/20170115/9256710b/attachment.bin 

More information about the Menog mailing list