Hi, here are the results of my DNSSEC validation measurements: http://www.vs.uni-due.de/personal/wander/dnssec_validation.pdf
The online test is available here: http://dnssec.vs.uni-due.de Please note that the VeriSign test explained in the paper is the Picard/Borat test at http://test.dnssec-or-not.net which you probably have seen before. It is NOT the prefetch test that Duane announced recently. Abstract: "DNSSEC is a security extension that adds public-key signatures to the Domain Name System for the purpose of data authenticity and integrity. While DNSSEC signatures are being deployed on an increasing number of name servers, little is known about the deployment advancements of DNSSEC validation. In this paper we present a methodology to determine whether a client is protected by DNSSEC validation. We applied our methodology over a period of 4 months collecting results from different data sources. After data cleaning, we gathered 76,364 results from 59,985 distinct IP addresses, out of which 4.5% had validation enabled. The ratio varies significantly per country, with Sweden, the Czech Republic and the United States having the largest ratios of validating clients in the field." Kind regards, Matt -- Universität Duisburg-Essen Verteilte Systeme Bismarckstr. 90 / BC 316 47057 Duisburg
smime.p7s
Description: S/MIME Kryptografische Unterschrift
_______________________________________________ dns-operations mailing list [email protected] https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
