Detailed Monitoring Summary:

DNSSEC Summary
20,012,558 Zones
14,075,713 DNSSEC enabled zones
12,180,386 Zones use both KSKs and ZSKs
62 Zones are serving revoked keys
7,087,880 DNSSEC verified zones
12,062,541 Production DNSSEC-enabled zones
Distribution of key algorithms in use:
Algorithm # Keys
RSA/SHA256 [RSASHA256]14,569,051
ECDSA Curve P-384 with SHA-384 [ECDSAP384SHA384]136,999
RSA-NSEC3-SHA1 [RSASHA1-NSEC3-SHA1]50,233
DSA/SHA-1 [DSA]33
ECDSA Curve P-256 with SHA-256 [ECDSAP256SHA256]11,916,594
ECC/GOST [ECC-GOST]6
DSA-NSEC3-SHA1 [DSA-NSEC3-SHA1]11
Reserved 01
Unknown Algorithm647,155
Diffie-Hellman [DH]6
RSA/SHA-1 [RSASHA1]16,116
RSA/MD5 [RSAMD5]9
RSA/SHA512 [RSASHA512]219,604
DANE Summary
715,694 DANE enabled zones with TLSA records
858 PKIX based Trust Anchor TLSA records (Cert Usage 0)
1,828 PKIX based End Entity TLSA records (Cert Usage 1)
16,958 DANE based Trust Anchor TLSA records (Cert Usage 2)
325,269 DANE based End Entity TLSA records (Cert Usage 3)
443 Zones have deployed TLSA for Alternate SMTP (Port 2525)
200,125 Zones have deployed TLSA for HTTPS (Port 443)
7,032 Zones have deployed TLSA for Secure SMTP (Port 465)
4,889 Zones have deployed TLSA for Secure POP3 (Port 995)
1,757 Zones have deployed TLSA for IMAP (Port 143)
6,094 Zones have deployed TLSA for Secure IMAP (Port 993)
114,561 Zones have deployed TLSA for SMTP (Port 25)
7,394 Zones have deployed TLSA for SMTP with STARTTLS (Port 587)
2,623 Zones have deployed TLSA for POP3 (Port 110)