[dns-operations] Some DNSSEC adoption data points, anyone know of more comprehensive surveys?

Viktor Dukhovni ietf-dane at dukhovni.org
Tue May 1 20:05:16 UTC 2018

> On May 1, 2018, at 3:39 PM, Paul Ebersman <list-dns-operations at dragon.net> wrote:
> viktor> The elephant in the room is Godaddy, I've not seen much interest
> viktor> in DNSSEC from them as yet.  We'll know DNSSEC has arrived when
> viktor> Godaddy DNS customers routinely have DNSSEC enabled.
> Not quite true. Some of their DNS products have a check box that says
> something innocuous like "Do you want your DNS to be secure?". If you
> check yes, you get DNSSEC and they charge you more. So they have
> interest but they think they can make money at it...

Yes, they do host some (which for Godaddy means many) signed domains, I did
say "routinely". :-)

I've found ~5400 DNSSEC-signed domains with <something>.secureserver.net
for an MX host.  While http://viewdns.info/ reports ~37,712,811 domains
using smtp.secureserver.net!  So DNSSEC penetration is pretty thin at

> I've talked to their tech folks and they kinda get it but we need their
> C-levels to buy in that this is a good thing but not a major untapped
> profit center.

Yes.  So my point was that the "myetherwallet" event may be helpful
in the conversation between the technical folks and the C-suite
at providers like that, sooner than substantially greater grass-roots
demand from users, which will continue to be held back by costs and
technical barriers.

Shumon is doing interesting work on multi-provider DNSSEC, that too
may need to be sorted out to pave the way forward.


More information about the dns-operations mailing list