[dns-operations] Some DNSSEC adoption data points, anyone know of more comprehensive surveys?

Viktor Dukhovni ietf-dane at dukhovni.org
Tue May 1 19:15:56 UTC 2018

> On May 1, 2018, at 2:55 PM, Rubens Kuhl <rubensk at nic.br> wrote:
> The gaps likely come from TLDs that don't publish zone files, like .br and .de, but publish DNSSEC totals. https://www.internetsociety.org/deploy360/dnssec/statistics/ has a good collection of stats links.

Yes, throw in .nl, .cz, .be, .dk, and a few more and that's
likely the bulk of signed domains I'm missing.  One can of
course try to piece together aggregate numbers from the
respective TLDs.

I guess I was curious whether anyone is doing that, and
arrives at a more comprehensive overall picture.  For me,
the point is to track DANE adoption, and DNSSEC-adoption
numbers are more of a side-effect than a goal.  So I've
not seen any surveys that reach totals near or above the
~6 million domains I'm now tracking.  With the 1.6 million
"missing" domains in .NL and around 800k missing from .br,
... I would estimate world-wide adoption at around 9
million delegations from TLDs and various public suffix
2LDs (and some 3LDs).

It would be great if some survey was comprehensive enough
(or aggregated enough authoritative sources) to make that
more precise, and regularly available.

> Google Transparency Report (https://transparencyreport.google.com/safer-email/overview , https://storage.googleapis.com/transparencyreport/google-safer-email.zip) has a 64322 lines spreadsheet of domains listing their encryption share that might be worth looking into.

Yes, I've been consuming that dataset for a few years.  They
seem to have a rather high volume cut-off, even medium side
domains don't appear in the list.  I work for a mid-size
company, we're not listed, nor of course is my personal
domain, no matter how many messages a day I send to the
TLS WG list. :-)


More information about the dns-operations mailing list