DNS Hosting provider issues (resolved at citynetwork.se)

Viktor Dukhovni ietf-dane at dukhovni.org
Thu Feb 5 15:17:56 CET 2015

On Thu, Feb 05, 2015 at 09:38:38AM +0100, lst_hoe02 at kwsoft.de wrote:

> Is there a list of some sort with the already known TLSA secured domains?

I don't feel at liberty to publish the domain list.

> Would be nice to see the pace of acceptance for different TLDs and so on.

However, the top TLDs out of the 1059 domains I've curated are:

     327 de
     159 net
     124 com
      99 org
      44 eu
      31 ch
      30 nl
      20 dk
      20 cz
      17 uk
      13 me
      13 at
      12 fr
      11 info
      11 fi
      10 io
      10 email
       9 se
       9 be
       7 us
     976 TOTAL

The remaining 83 domains are scattered across 47 TLDs.  If we look
instead at domains that are DNSSEC signed and at least one of their
"best" MX hosts also lies in a secure zone, but that may not have
published DANE TLSA records, the top 20 breakdown becomes:

   11083 nl
    6402 cz
    2966 com
    2131 br
    1286 net
     996 se
     961 fr
     882 eu
     629 de
     626 org
     358 gov
     326 be
     174 no
     159 pl
     146 pt
     138 edu
     114 ch
     112 dk
     105 uk
     104 ovh
   29698 TOTAL

The remaining ~1000 domains are scattered across 92 TLDs.

Note, that many of the .net/.com/.org/.eu DANE for SMTP domains
are actually registered by German domain owners.  DANE for SMTP is
still very much a .DE phenomenon.  It would be good to see more
progress elsewhere.

This may take some "evangelists" outside Germany who can write
blogs, tutorials, inform the technology press, ...  Perhaps once
the SMTP DANE draft becomes an RFC (~2-4 months I think), the time
will be ripe to start a broader "marketing effort".


More information about the dane-users mailing list