Deploy360 14 January 2015

Over 600 Top-Level Domains Now Signed With DNSSEC

By Dan YorkDirector, Internet Technology

As I was entering in data for the weekly DNSSEC Deployment Maps, I was struck by the fact that we are now at the point where 615 of the 793 top-level domains (TLDs) are now signed with DNSSEC. You can see this easily at Rick Lamb’s DNSSEC statistics site:

DNSSEC statistics

This represents 77% of all current TLDs!

Now, granted, most of that amazing growth in the chart is because all of the “new generic TLDs” (newgTLDs) are required to be signed with DNSSEC, but we are still seeing solid growth around the world.  If you look at the most recent DNSSEC Deployment Maps you can see that much of the world is being shown as “green” as more and more country-code Top Level Domains (ccTLDs) sign with DNSSEC:

ccTLD dnssec deployment map

Of course, having a TLD signed doesn’t mean that the second-level domains will be signed with DNSSEC. As various DNSSEC statistics sites will show, the percentage of signed second-level domains varies widely, from around 80% in .GOV down to tiny percentages in other TLDs.

BUT… the key point is that the first step in signing your domain is to be sure that your TLD is signed!

After the TLD has been signed, THEN steps can be taken to get more DNSSEC deployment happening underneath that TLD.  Look at how successful Norway has been with .NO after they recently signed the domain!

With some of the work that is happening via various DNSSEC Workshops,  ICANN’s DNSSEC training and other forums I know that we’ll see more and more of the TLDs being signed in the months ahead.  The excuse that “TLDs are not signed with DNSSEC” can no longer be used as an excuse for NOT working with DNSSEC and DANE!

Great to see!

P.S. If you want to get started with DNSSEC, please visit our Start Here page to find resources to help you begin.

Disclaimer: Viewpoints expressed in this post are those of the author and may or may not reflect official Internet Society positions.

Related articles

Improving Technical Security 15 March 2019

DNS Privacy Frequently Asked Questions (FAQ)

We previously posted about how the DNS does not inherently employ any mechanisms to provide confidentiality for DNS transactions,...

Improving Technical Security 14 March 2019

Introduction to DNS Privacy

Almost every time we use an Internet application, it starts with a DNS (Domain Name System) transaction to map...

Improving Technical Security 13 March 2019

IPv6 Security for IPv4 Engineers

It is often argued that IPv4 practices should be forgotten when deploying IPv6, as after all IPv6 is a...