← Back to context

Comment by tptacek

1 day ago

DNSSEC adoption on major European properties is also quite low! Try a bunch of domains out (`host -t ds <domain>`). There are more in Europe, of course, but not very many, at least not major ones. My hypothesis, I think strongly supported: the more mature your security team, the more internal pushback against DNSSEC.

2 comments

tptacek

Reply
8organicbits  1 day ago

Sure, I'll do some homework for you. I just took the latest Tranco top million list (7N42X) and scanned the top thousand .cz domains. 61% of the top 100 .cz domains have DS records as do 50.6% of the top thousand .cz domains. That matches what others have been reporting and doesn't seem "quite low" to me.

If you're interested in talking about something other than DNSSEC, I would be interested in your thoughts here.

  • tptacek  1 day ago

    Oh, if the Tranco list is interesting to you, you don't ever have to do any homework again; I continuously do it for you:

    https://dnssecmenot.fly.dev/

    A funny note here: I track changes, and in the last 150 days, there has been one (1) (someone turned DNSSEC off.)