[dns-operations] A survey of security related DNS record deployment

Viktor Dukhovni ietf-dane at dukhovni.org
Wed Dec 30 01:43:31 UTC 2020


On Tue, Dec 29, 2020 at 10:53:02AM +0000, Robert Mortimer wrote:

> I had a bit of time over Christmas so got round to doing my
> annual(ish) survey of how widely various security related DNS records
> ( CAA, SPF, DMARC, DNSSEC etc. ) have been adopted. Adoption rates are
> backsliding compared to previous years if anything.

The sample size is rather small, and strongly biased towards the domains
of large established players, where change in infrastructure is slow to
happen.  Overall DNSSEC use has increased substantially since 2017, and
growth has picked up particularly in 2020.

    https://stats.dnssec-tools.org/

In 2017, reports were of ~7 million total DNSSEC domains, now more than
13.5 million.  The number of signed ".com" domains (even without
incentive payments) has increased more than 3-fold:

    https://stats.dnssec-tools.org/tld-graphs/com.png

You just don't see this in the top 50 web sites as yet, but 2021 looks
promising for increasingly strong growth.

> If this is due to lack of perceived business benefit, cost of adoption
> or lack of awareness I don't know. I do suspect that either something
> needs to be done to promote a wider adoption or they need to be
> consigned to history to free up resources to find better solutions.

My take is that the sample is too narrow to draw broad conclusions.

-- 
    Viktor.


