DNSSEC Adoption

The 2024 Survey by
eco topDNS Initiative

TopDNS Logo

The smooth functioning of the Internet relies heavily on the Domain Name System (DNS). Every online interaction, from visiting websites to sending emails and accessing images on social media, uses the DNS to translate domain names (e.g. www.eco.de) into IP addresses (e.g. 46.31.121.137 and 2a02:c50:6209:702::9). These IP addresses allow servers, routers and other network services to route traffic accurately across the Internet.

DNSSEC adds two important features to the DNS protocol:

  • Authentication of data origin, which allows a resolver to cryptographically verify that the data it receives is indeed from the expected zone.
  • Data integrity protection, which assures the resolver that the data has not been tampered with during transmission, as it was originally signed by the zone owner using the zone’s private key.

DNSSEC thus enhances the security of the DNS. These digital signatures are stored in DNS name servers alongside regular record types such as A, AAAA, MX, CNAME, etc. By verifying the associated signature, one can confirm that a requested DNS record originates from its authoritative name server and has not been altered in transit, as opposed to a spoofed record that is susceptible to man-in-the-middle attacks.

DNSSEC was first introduced at root level on 15 July 2010. It’s adoption rate varies widely between EU member states:

  • Finland: 94%
  • Czechia: 91%
  • Sweden: 87%
  • Denmark: 81%
  • Germany: 70%
  • Netherlands: 58%
  • Romania: 4%

The actual usage of DNSSEC varies even more:

  • Finland: 9%
  • Czechia: 51%
  • Sweden: 32%
  • Denmark: 53%
  • Germany: 4%
  • Netherlands: 50%
  • Romania: 2%

Source: https://ec.europa.eu/internet-standards/dns.html

eco wants to support its members in the implementation and use of DNSSEC. The survey is anonymous. The following six questions will help us to assess the current situation. We would like to present the detailed results of the DNSSEC survey in a virtual meeting in Q3 2024.

    Do you feel adequately informed about DNSSEC?

    What stumbling blocks do you think stand in the way of widespread implementation?

    Do you plan activities (e.g. introduction, expansion of use, etc.) regarding DNSSEC until 2026?

    Which of the following statements apply most to you (multiple answers possible)?

    Should the eco Association become more involved in the wider use of DNSSEC?

    My company is

    I have read and agree to the privacy policy
    We process the personal data you provide in this form exclusively for the purpose of answering and processing your enquiry. For further information, please refer to our privacy policy.