Deployment news (comcast.net publishes TLSA RRs)
Viktor Dukhovni
ietf-dane at dukhovni.org
Mon Nov 16 16:52:16 CET 2015
On Mon, Nov 16, 2015 at 09:41:57AM -0600, Mark Felder wrote:
> > My ongoing survey has now found 9389 working DANE domains. Most
> > of these are served by a few domain hosting providers:
> >
> > 5230 udmedia.de
> > 955 nederhost.net
> > 354 transip.email
> > 47 mediaweb-it.net
> > 45 mailbox.org
> > 36 gr-webdesign.de
> > 32 core-networks.de
> > 32 wk-serv.net
> > 30 set-hosting.de
> > 30 dotplex.de
> >
>
> Your numbers seem much higher than Verisign's. I wonder what Verisign's
> secspider is missing?
>
> http://secspider.verisignlabs.com/stats.html
They are counting zones with TLSA records. I'm counting domains
whose MX hosts have TLSA records. Those 5230 domains for udmedia.de
all resolve to MX hosts in just 1 zone.
My dataset has 1265 MX hosts in 1185 zones, but the number of
*domains* with SMTP DANE TLS is 9513.
--
Viktor.
More information about the dane-users
mailing list