Source:CircleID: Top-Level Domains
After the DNS root zone was finally signed and a number of Top-Level Domains (TLDs) began signing their zones, we were curious to see how many clients actually request DNSSEC information. We looked at the RIPE NCC server that provides secondary service to several country code top-level domains (ccTLDs).
This server answers around 5,000 queries per second on average. In the image below you can see the percentage of those queries that requested DNSSEC information during August 2010:
More than 50% of all queries request DNSSEC information from this server. This is very encouraging and shows that DNSSEC is being deployed.
Here are some guidelines for configuring your caching resolvers to use the root zone DNSSEC key:
BIND: https://dnssec.surfnet.nl/?p=402
Unbound: https://dnssec.surfnet.nl/?p=212For more details on this topic, please refer to RIPE Labs:
https://labs.ripe.net/Members/dfk/dns-clients-do-request-dnssec-todayWritten by Daniel Karrenberg, Chief Scientist at the RIPE NCC
Tags: caching Chief Scientist Daniel Karrenberg dns dnssec Domain Names Domain News Elsewhere... internet news regional_registries security top_level_domains
