Home / Blogs

Over 75% of All Top-Level Domains (TLDs) Now Signed With DNSSEC

As I was entering in data for the weekly DNSSEC Deployment Maps, I was struck by the fact that we are now at the point where 617 of the 795 top-level domains (TLDs) are now signed with DNSSEC.

You can see this easily at Rick Lamb's DNSSEC statistics site:

This represents 77% of all current TLDs!

Now, granted, most of that amazing growth in the chart is because all of the "new generic TLDs" (newgTLDs) are required to be signed with DNSSEC, but we are still seeing solid growth around the world. If you look at the most recent DNSSEC Deployment Maps you can see that much of the world is being shown as "green" as more and more country-code Top Level Domains (ccTLDs) sign with DNSSEC:

Of course, having a TLD signed doesn't mean that the second-level domains will be signed with DNSSEC. As various DNSSEC statistics sites will show, the percentage of signed second-level domains varies widely, from around 80% in .GOV down to tiny percentages in other TLDs.

BUT… the key point is that the first step in signing your domain is to be sure that your TLD is signed!

After the TLD has been signed, THEN steps can be taken to get more DNSSEC deployment happening underneath that TLD. Look at how successful Norway has been with .NO after they recently signed the domain!

With some of the work that is happening via various DNSSEC Workshops, ICANN's DNSSEC training and other forums I know that we'll see more and more of the TLDs being signed in the months ahead. The excuse that "TLDs are not signed with DNSSEC” can no longer be used as an excuse for NOT working with DNSSEC and DANE.

It's great to see this growth in the signing of TLDs and we look forward to the rest of the TLDs being fully signed in the time ahead.

(An earlier version of this post was posted on the Internet Society Deploy360 blog.)

By Dan York, Author and Speaker on Internet technologies - and on staff of Internet Society – Dan is the Director of Web Strategy, and Project Lead, Open Standards Everywhere, for the Internet Society but opinions posted on CircleID are his own. View more of Dan's writing and audio here. Visit Page

CircleID Newsletter The Weekly Wrap

More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

I make a point of reading CircleID. There is no getting around the utility of knowing what thoughtful people are thinking and saying about our industry.

VINTON CERF
Co-designer of the TCP/IP Protocols & the Architecture of the Internet

Comments

 Be the first to post a comment!

Add Your Comments

 To post your comments, please login or create an account.

Related

Topics

Whois

Sponsored byWhoisXML API

Cybercrime

Sponsored byThreat Intelligence Platform

DNS Security

Sponsored byAfilias

Cybersecurity

Sponsored byVerisign

Brand Protection

Sponsored byAppdetex

IP Addressing

Sponsored byIPv4.Global

New TLDs

Sponsored byAfilias

Domain Names

Sponsored byVerisign