There has been lots of discussion recently about DNSSEC issues, including 
whether it's desirable to sign internal zones. Independent of this most recent 
issue, a couple of weeks ago I did an informal survey, using DNSVIZ, of various 
TLDs. I found the following rather surprising results:

DNS-VIZ and "associates"

TLD             Signed? Comments
--------------  ------- --------
dnsviz.net      yes     with 1 warning (!)
iana.org        yes
icann.org       yes
isc.org         yes
arin.net        yes
ietf.org        yes     with many warnings & errors

sandia.gov      yes     with many warnings & 1 error
verisign.com    yes
dns-oarc.net    yes


Widely used and/or hi-tech

TLD             Signed? Comments
--------------  ------- --------
google.com      no
gmail.com       no
youtube.com     no
apple.com       no
microsoft.com   no
amazon.com      no
walmart.com     no
outlook.com     no
1e100.net       no
facebook.com    no
twitter.com     no
instagram.com   no
ibm.com         no
mozilla.org     no
wikipedia.org   no
redhat.com      no
w3c.org         no
bankofamerica.com no

Does anybody have an explanation for why such big domains don't bother using 
DNSSEC?


P.S.  My opinion is that it is probably worthwhile to sign internal zones, 
especially for organizations that are tempting targets and have many internal 
computers.
        