Detailed Monitoring Summary:

DNSSEC Summary
14,872,065 Zones
11,633,266 DNSSEC enabled zones
10,203,174 Zones use both KSKs and ZSKs
38 Zones are serving revoked keys
6,903,064 DNSSEC verified zones
10,453,102 Production DNSSEC-enabled zones
Distribution of key algorithms in use:
Algorithm # Keys
DSA-NSEC3-SHA1 [DSA-NSEC3-SHA1]5
RSA/SHA512 [RSASHA512]219,370
RSA/SHA256 [RSASHA256]13,751,242
RSA/SHA-1 [RSASHA1]18,155
ECDSA Curve P-256 with SHA-256 [ECDSAP256SHA256]8,967,312
Unknown Algorithm623,384
Reserved 01
Diffie-Hellman [DH]5
Private [PRIVATEOID]1
RSA-NSEC3-SHA1 [RSASHA1-NSEC3-SHA1]71,474
ECDSA Curve P-384 with SHA-384 [ECDSAP384SHA384]133,576
RSA/MD5 [RSAMD5]2
ECC/GOST [ECC-GOST]4
DSA/SHA-1 [DSA]28
DANE Summary
670,665 DANE enabled zones with TLSA records
766 PKIX based Trust Anchor TLSA records (Cert Usage 0)
1,616 PKIX based End Entity TLSA records (Cert Usage 1)
10,841 DANE based Trust Anchor TLSA records (Cert Usage 2)
257,657 DANE based End Entity TLSA records (Cert Usage 3)
155,995 Zones have deployed TLSA for HTTPS (Port 443)
1,350 Zones have deployed TLSA for IMAP (Port 143)
1,812 Zones have deployed TLSA for POP3 (Port 110)
3,484 Zones have deployed TLSA for Secure SMTP (Port 465)
2,320 Zones have deployed TLSA for Secure POP3 (Port 995)
4,136 Zones have deployed TLSA for SMTP with STARTTLS (Port 587)
98,405 Zones have deployed TLSA for SMTP (Port 25)
3,039 Zones have deployed TLSA for Secure IMAP (Port 993)
343 Zones have deployed TLSA for Alternate SMTP (Port 2525)