The Internet hit a great DNSSEC deployment milestone today – over 50% of all TLDs are now signed! As Chris Thompson pointed out on the dnssec-deployment mailing list, if you go to a site such as ICANN’s TLD DNSSEC report that was run this morning, you’ll now see that 222 (53%) of 415 TLDs in the root zone of DNS are now signed with DNSSEC. Even better, 216 (52%) have a DS record in the root zone, which means that the DNSSEC “chain of trust” can be established for domains underneath all of those TLDs:
Now, granted, as Chris noted in his message, this milestone has primarily happened because of the ongoing influx of all the DNSSEC-signed “new generic top-level domains (newgTLDs)“. You can see this rather dramatically in a graph from Rick Lamb’s DNSSEC statistics site:
Regardless, it is great to see this milestone!