[dns-operations] Recent domain counts for DS algorithms 5, 7, 8 and 13
Viktor Dukhovni
ietf-dane at dukhovni.org
Wed Jan 15 00:02:36 UTC 2020
On Tue, Jan 14, 2020 at 04:19:44PM +0000, James Stevens wrote:
> Very interesting - what TLDs does this cover?
All of them, though for many ccTLDs I have incomplete data, but
generally at least 50% and more typically closer to 90% of the
signed delegations. For the gTLDs the coverage is much better,
so I have 100% of e.g. .com, .net, .org and the new gTLDs.
> When I looked there was a definite bias for 13 in NET, but less so in COM
>
> I also found a few 14s - not many, but a few.
* In .COM 43.4% (652568 out of 1504863) signed domains have algorithm 13 DS RRs
* In .Net 35.5% (59363 out of 167372) signed domains have algorithm 13 DS RRs
So, actually, at this time P256 is more frequent among .COM domains.
This is perhaps in large part because 180147 of the algorithm 13 .COM
domains are operated by one.com, who have recently rolled over most of
their domains to algorithm 13. One.com only operate 7627 signed .net
domains.
It'll be interesting to see how aggressively Godaddy deploys DNSSEC for
their managed DNS domains, and what algorithm they'll choose, with IIRC
DNSSEC at Godaddy slated to be generally available, rather than just a
premium option. If (say hypothetically) Goddady signed most of their
.COM domains, whatever they'd do would dwarf the other numbers.
--
Viktor.
More information about the dns-operations
mailing list