Deploy360 11 September 2012

Can You Add 1 Line of HTML To Your Site To Help Measure DNSSEC Usage?

By Dan YorkDirector, Internet Technology

DNSSEC validator search resultsCan you please help out with efforts to measure the number of DNSSEC-validating DNS resolvers out there?

The folks at Verisign Labs are conducting some research into trying to understand what level of DNSSEC-validating resolvers are out on the open Internet. This is critical to understand as the availability of DNSSEC-validating resolvers is a key piece of getting DNSSEC deployed.

They are asking for your help.

If you operate a website, they are asking if you can please add one line of HTML to your site, preferably in a page header, footer, sidebar or other component that gets frequently loaded:


That’s it!  As they say on their page:

This HTML snippet should have no visible impact on a rendered page. Since nearly all web browsers now implement DNS prefetching, the code above results in a DNS query for the name shown and allows us to characterize the recursive name server that the query goes through.

They also mention that you can alternatively modify the HEAD element of your page to include this one line of code:

I’ve chosen this latter approach here at Deploy360 and as a result visitors to our site will be helping with this important research.  If we can get more sites adding this code, Verisign Labs can get that many more data points feeding in and helping them characterize the level of DNSSEC validating resolvers out there.

Here at Deploy360, we are in favor of research like this because we’d like to get a baseline now and then see trends over time.  Encouraging the wider deployment of DNSSEC-validating resolvers by ISPs and other network operators is one of the key activities we are planning to work on over the next 12 months – and this research will help us and many others understand how successful we are collectively in encouraging that deployment.

Can you please help you by adding a line of code to your site?  (Thanks!)

P.S. For those curious to learn more about “DNS prefetching” (also called “pre-resolving” by some) and how this research works, here are some articles you may find of interest:

Disclaimer: Viewpoints expressed in this post are those of the author and may or may not reflect official Internet Society positions.

Related articles

Improving Technical Security 15 March 2019

DNS Privacy Frequently Asked Questions (FAQ)

We previously posted about how the DNS does not inherently employ any mechanisms to provide confidentiality for DNS transactions,...

Improving Technical Security 14 March 2019

Introduction to DNS Privacy

Almost every time we use an Internet application, it starts with a DNS (Domain Name System) transaction to map...

Improving Technical Security 13 March 2019

IPv6 Security for IPv4 Engineers

It is often argued that IPv4 practices should be forgotten when deploying IPv6, as after all IPv6 is a...