[dns-operations] A survey of security related DNS record deployment
Robert Mortimer
Robert.Mortimer at nominet.uk
Tue Dec 29 10:53:02 UTC 2020
Hopefully this will be of some interest.
I had a bit of time over Christmas so got round to doing my annual(ish) survey of how widely various security related DNS records ( CAA, SPF, DMARC, DNSSEC etc. ) have been adopted. Adoption rates are backsliding compared to previous years if anything.
If this is due to lack of perceived business benefit, cost of adoption or lack of awareness I don't know. I do suspect that either some thing needs to be done to promote a wider adoption or they need to be consigned to history to free up resources to find better solutions.
There is a greater (though still tiny) adoption rate of SVCB/HTTPS records than there is of TSLA/DANE despite the former still being a draft standard.
https://articles.scramworks.net/2020/12/the-state-of-dns-security-records-2020/
--
Robert Mortimer
Nominet
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20201229/5d0a8322/attachment.html>
More information about the dns-operations
mailing list