Donate
State of DNSSEC Deployment 2016 report shows over 89% of top-level domains signed Thumbnail
‹ Back
Domain Name System Security Extensions (DNSSEC) 4 January 2017

State of DNSSEC Deployment 2016 report shows over 89% of top-level domains signed

Dan York
By Dan YorkDirector of Web Strategy

Did you know that 89% of top-level domains are now signed with DNSSEC? Or that over 88% of .GOV domains and over 50% of .CZ domains are signed? Were you aware that over 103,000 domains use DANE and DNSSEC to provide a higher level of security for email? Or that 80% of clients request DNSSEC signature records in DNS queries?

All these facts and much more are available in our new State of DNSSEC Deployment 2016 report.

For many years a wide variety of statistics about DNSSEC deployment have been available, but it’s been challenging to get an overall view. With this report our goal is to help people across the industry understand where the deployment of DNSSEC is at – and what challenges still need to be overcome.

To back up a bit, the “DNS Security Extensions”, or “DNSSEC”, provide a way to be sure you are communicating with the correct web site, service, or application. Before your mobile phone, laptop or other device connects to a site on the Internet, it must first obtain the correct IP address from the Domain Name System (DNS). Think of DNS similar to the “address book” you may have in your phone. You may look up “Dan York” in your contact list and call me – but underneath that your phone figures out the actual telephone number to call to reach me. DNS provides a similar directory function for the Internet.

The challenge is that there are ways an attacker can spoof the DNS results which could wind up with you connecting to the wrong site. Potentially you could wind up providing information to an attacker or downloading malware.

DNSSEC uses a system of digital signatures – and the checking of digital signatures (what we call “validation”) – to ensure that the information you get out of DNS is the same information that the operators of the domains put into DNS.

At a high level, this is what DNSSEC does – it makes sure you can trust the information you get from DNS. (You can read more on our DNSSEC Basics page.)

The basics of DNSSEC have been standardized for most of 20 years, but until the root zone of DNS was signed in 2010, there wasn’t much deployment. In the six years since, deployment has continued to grow. This report outlines that growth and provides a view into where that growth is happening and much more.

We encourage you to read and share this report widely. And if you haven’t yet started deploying DNSSEC validation on your own networks – or haven’t started signing your domains with DNSSEC – you can visit our Deploy360 Start page to find resources to help you begin.

Using DNSSEC allows us to have a higher level of trust in the domain names we use every day on the Internet. I hope you will join with me and others in deploying DNSSEC and building a more trusted Internet!

‹ Back

Disclaimer: Viewpoints expressed in this post are those of the author and may or may not reflect official Internet Society positions.

Related articles

Congrats to Spain (.ES) and Croatia (.HR) on on their DNSSEC-signed TLDs in the DNS Root
Deploy36017 July 2014

Congrats to Spain (.ES) and Croatia (.HR) on on their DNSSEC-signed TLDs in the DNS Root

Congratulations to the teams at the top-level domains (TLDs) of both .ES (Spain) and .HR (Croatia) for getting their DNSSEC-signed TLDs...

New report: "State of DNSSEC Deployment 2016"
Deploy3604 January 2017

New report: “State of DNSSEC Deployment 2016”

What is the current state of deployment of the DNS Security Extensions? (DNSSEC) How many domains are secured with DNSSEC?...

Great News! Over 50% Of All Top-Level Domains Now Signed With DNSSEC!
Deploy36020 January 2014

Great News! Over 50% Of All Top-Level Domains Now Signed With DNSSEC!

The Internet hit a great DNSSEC deployment milestone today - over 50% of all TLDs are now signed! As Chris...

Join the conversation with Internet Society members around the world