Deploy360 26 April 2012

Nic.at Publishes DNSSEC Report With .AT Statistics, Info

By Dan YorkDirector, Internet Technology

dot at reportThis month the folks at Nic.at, the Austrian registry, published an interesting “.at report” that was entirely devoted to DNSSEC and was full of statistics and charts.

The driver for this focused report was the DNSSEC signing of the .at domain on February 29, 2012. This report, one of a series of regular reports from nic.at, first discusses the signing of the .at domain and provides some global statistics about DNSSEC adoption.

The report then covers some stats about DNSSEC implementation at domain name registrars supporting .AT domains which shows there is definitely room for growth. Only 14 .AT registrars currently support DNSSEC… but that to me is actually good news because there are no .AT registrars listed on either our Deploy360 list of DNSSEC registrars nor on ICANN’s list – so obviously it sounds like there are a few more registrars we can add!

I found one set of statistics about registrar plans of interest, in part for the interesting difference between two of the questions:

DNSSEC statistics

Here 51% believe that DNSSEC will prevail as an additional security measure… but only 23% viewed DNSSEC as significant for them as a registrar. (I would say some education is necessary there, eh?)

Also, only 15% have received customer requests about DNSSEC. (Clearly, we as consumers need to be contacting registrars – and encouraging people we know to contact registrars – to increase this percentage!)

I also found the question about whether DNSSEC was a paid option or not to be intriguing:

There is a rather different approach of the six questioned .at-registrars that offer DNSSEC-compliant nameserver services: half of them charge fees, one registrar actively promotes DNSSEC without additional fees, and one third offers DNSSEC for free without any active promotion.

It will be interesting to see over time how these different business models continue. I appreciated the fact that Nic.at’s partner list has a “Partner Search” tab where you can check a box for “supports DNSSEC” to see only the DNSSEC-enabled registrars. Unfortunately in a very brief scan of the actual partner sites I couldn’t find mentions of DNSSEC in their web pages… but I didn’t do a very deep look.

The report goes on to provide a timeline for the .AT signing and some other information and interviews.  Nic.at also provides a couple of sections of their site related to DNSSEC:

Congratulations to the Nic.at team for the signing of the .AT zone and it’s great to see a focused newsletter like this helping educate people about what is going on with DNSSEC. It will be great to see the growth of signed .AT domains as this word gets out and as more registrars support DNSSEC and make it easier for domain name holders to sign their domains.

Disclaimer: Viewpoints expressed in this post are those of the author and may or may not reflect official Internet Society positions.

Related articles

Improving Technical Security 15 March 2019

DNS Privacy Frequently Asked Questions (FAQ)

We previously posted about how the DNS does not inherently employ any mechanisms to provide confidentiality for DNS transactions,...

Improving Technical Security 14 March 2019

Introduction to DNS Privacy

Almost every time we use an Internet application, it starts with a DNS (Domain Name System) transaction to map...

Improving Technical Security 13 March 2019

IPv6 Security for IPv4 Engineers

It is often argued that IPv4 practices should be forgotten when deploying IPv6, as after all IPv6 is a...