Categories
Deploy360 Domain Name System Security Extensions (DNSSEC)

Another Great DNSSEC Statistics Site For Second-Level Domains – rick.eng.br

Want to know how many domains are signed with DNSSEC under each top-level domain (TLD)?  We now have another site to help!  For over a year now, every week I use a great site that Rick Lamb maintains at:

http://rick.eng.br/dnssecstat/

so that I can find out what new domains I need to add to our DNSSEC Deployment Maps database. By default he shows a reverse-chronological list of all the TLDs that are signed.

BUT…

… if you look over on the right side Rick has added something new!  Two new columns labeled “% Signed” and “Misc”.  These show you:

  • The percentage of total domains that are signed with DNSSEC;
  • The raw numbers of signed domains / total domains.

What’s very cool is that you can click on each heading to sort the columns. Click once to sort from lowest to highest. Click once more to sort from highest to lowest.

This second sort is where it gets interesting.

With the “% Signed” you have to scroll down a bit because of course brand new TLDs that only have one domain (often nic.TLD) and also have that domain signed score 100%.  But as you go down the list it starts to get more interesting.  Here’s a view part of the way down:

DNSSEC Statistics

What I find MUCH more interesting, though, is the raw numbers showing the number of DNSSEC-signed domains.  Click on the “Misc” heading cell twice and you get something like this:

DNSSEC stats

That shows us that .NL has the most with 2.4 million domains signed followed by .COM with 491 thousand domains and then .CZ, .SE and onwards.

What you will notice that is different here from the ntldstats DNSSEC stats site I wrote about last week is that Rick’s site pulls in data from some of the country-code TLDs (ccTLDs) and also some of the original generic TLDs (gTLDs) such as .COM, .NET, etc.    The ntldstats site is (understandably) only about the “new gTLDs” whereas Rick’s site covers the wider range of TLDs.

Notice that I said “some” of the ccTLDs and gTLDs.  Rick can only incorporate data from TLDs that provide some kind of feed he can use.  If you scroll on down the list you’ll see that there are TLDs there that have no numbers next to them:

DNSSEC stats

However, we know from NIC.BR’s statistics page that .BR has 747,000 domains signed with DNSSEC, which would move it into the second position above .COM in the listing.  Similarly .ORG has many signed domains, too.

Over time hopefully we can get these other TLDs to offer statistics feeds in a way that sites like Rick’s can consume them and help provide a more solid view of overall DNSSEC deployment.

Meanwhile, it’s fantastic that Rick has made these updates to his site and it is a great service to the larger Internet community that he maintains this info. (Thanks, Rick!)

I’m looking forward to seeing these numbers grow!

P.S. If you’d like to help these numbers grow, why not head over to our Start Here page and find out how can get started with signing your domains with DNSSEC?