DNSSEC deployed within 89% of all top-level domains
A report recently released by the Internet Society shows that, as of November 2018, 89% of all top-level domain names (TLD) have signed their zones with Domain Name System Security Extensions (DNSSEC). While all new generic TLDs have deployed DNSSEC at their root, only approximately 47% of all country-code TLDs (ccTLDs) have taken this step. Deployment of the security extension for second-level domains vary widely; for example, over 50% of domains under .cz (the ccTLD for Czechia) are signed, while only about 0.5% of zones in .com are signed. Looking at the broader picture, the report notes that the ‘deployment of DNSSEC has made substantial progress since the root was signed in 2010’, and that ‘the major DNS servers and resolvers now ship with DNSSEC capability, and tools assisting DNSSEC operation are improving’.