DNSSEC Summary
| 16,301,664 |
Zones |
| 12,666,417 |
DNSSEC enabled zones |
|
| 10,932,991 |
Zones use both KSKs and ZSKs |
| 61 |
Zones are serving revoked keys |
|
| 7,435,146 |
DNSSEC verified zones |
| 11,041,007 |
Production DNSSEC-enabled zones |
|
|
Distribution of key algorithms in use:
|
Algorithm
|
# Keys
|
|
RSA-NSEC3-SHA1 [RSASHA1-NSEC3-SHA1] | 90,960
|
|
RSA/MD5 [RSAMD5] | 7
|
|
ECC/GOST [ECC-GOST] | 6
|
|
DSA/SHA-1 [DSA] | 36
|
|
Diffie-Hellman [DH] | 8
|
|
Unknown Algorithm | 505,777
|
|
Reserved 0 | 1
|
|
DSA-NSEC3-SHA1 [DSA-NSEC3-SHA1] | 9
|
|
Private [PRIVATEOID] | 1
|
|
ECDSA Curve P-384 with SHA-384 [ECDSAP384SHA384] | 146,786
|
|
RSA/SHA-1 [RSASHA1] | 23,081
|
|
RSA/SHA256 [RSASHA256] | 15,115,692
|
|
ECDSA Curve P-256 with SHA-256 [ECDSAP256SHA256] | 9,250,959
|
|
RSA/SHA512 [RSASHA512] | 254,009
|
|
|
|
DANE Summary
|
|
659,911
|
DANE enabled zones with TLSA records
|
|
|
737
|
PKIX based Trust Anchor TLSA records (Cert Usage 0)
|
|
1,604
|
PKIX based End Entity TLSA records (Cert Usage 1)
|
|
|
9,602
|
DANE based Trust Anchor TLSA records (Cert Usage 2)
|
|
250,928
|
DANE based End Entity TLSA records (Cert Usage 3)
|
|
|
|
3,077
|
Zones have deployed TLSA for Secure SMTP (Port 465)
|
|
|
1,611
|
Zones have deployed TLSA for POP3 (Port 110)
|
|
|
151,366
|
Zones have deployed TLSA for HTTPS (Port 443)
|
|
|
323
|
Zones have deployed TLSA for Alternate SMTP (Port 2525)
|
|
|
2,069
|
Zones have deployed TLSA for Secure POP3 (Port 995)
|
|
|
96,729
|
Zones have deployed TLSA for SMTP (Port 25)
|
|
|
1,288
|
Zones have deployed TLSA for IMAP (Port 143)
|
|
|
2,703
|
Zones have deployed TLSA for Secure IMAP (Port 993)
|
|
|
3,710
|
Zones have deployed TLSA for SMTP with STARTTLS (Port 587)
|
|
