[dns-operations] Some DNSSEC adoption data points, anyone know of more comprehensive surveys?
Viktor Dukhovni
ietf-dane at dukhovni.org
Tue May 1 20:05:16 UTC 2018
> On May 1, 2018, at 3:39 PM, Paul Ebersman <list-dns-operations at dragon.net> wrote:
>
> viktor> The elephant in the room is Godaddy, I've not seen much interest
> viktor> in DNSSEC from them as yet. We'll know DNSSEC has arrived when
> viktor> Godaddy DNS customers routinely have DNSSEC enabled.
>
> Not quite true. Some of their DNS products have a check box that says
> something innocuous like "Do you want your DNS to be secure?". If you
> check yes, you get DNSSEC and they charge you more. So they have
> interest but they think they can make money at it...
Yes, they do host some (which for Godaddy means many) signed domains, I did
say "routinely". :-)
I've found ~5400 DNSSEC-signed domains with <something>.secureserver.net
for an MX host. While http://viewdns.info/ reports ~37,712,811 domains
using smtp.secureserver.net! So DNSSEC penetration is pretty thin at
present...
> I've talked to their tech folks and they kinda get it but we need their
> C-levels to buy in that this is a good thing but not a major untapped
> profit center.
Yes. So my point was that the "myetherwallet" event may be helpful
in the conversation between the technical folks and the C-suite
at providers like that, sooner than substantially greater grass-roots
demand from users, which will continue to be held back by costs and
technical barriers.
Shumon is doing interesting work on multi-provider DNSSEC, that too
may need to be sorted out to pave the way forward.
--
Viktor.
More information about the dns-operations
mailing list