DNSSEC Adoption
The 2024 Survey by
eco topDNS Initiative
The smooth functioning of the Internet relies heavily on the Domain Name System (DNS). Every online interaction, from visiting websites to sending emails and accessing images on social media, uses the DNS to translate domain names (e.g. www.eco.de) into IP addresses (e.g. 46.31.121.137 and 2a02:c50:6209:702::9). These IP addresses allow servers, routers and other network services to route traffic accurately across the Internet.
DNSSEC adds two important features to the DNS protocol:
- Authentication of data origin, which allows a resolver to cryptographically verify that the data it receives is indeed from the expected zone.
- Data integrity protection, which assures the resolver that the data has not been tampered with during transmission, as it was originally signed by the zone owner using the zone’s private key.
DNSSEC thus enhances the security of the DNS. These digital signatures are stored in DNS name servers alongside regular record types such as A, AAAA, MX, CNAME, etc. By verifying the associated signature, one can confirm that a requested DNS record originates from its authoritative name server and has not been altered in transit, as opposed to a spoofed record that is susceptible to man-in-the-middle attacks.
DNSSEC was first introduced at root level on 15 July 2010. It’s adoption rate varies widely between EU member states:
- Finland: 94%
- Czechia: 91%
- Sweden: 87%
- Denmark: 81%
- Germany: 70%
- Netherlands: 58%
- Romania: 4%
The actual usage of DNSSEC varies even more:
- Finland: 9%
- Czechia: 51%
- Sweden: 32%
- Denmark: 53%
- Germany: 4%
- Netherlands: 50%
- Romania: 2%
eco wants to support its members in the implementation and use of DNSSEC. The survey is anonymous. The following six questions will help us to assess the current situation. We would like to present the detailed results of the DNSSEC survey in a virtual meeting in Q3 2024.