Update on stats

[Viktor Dukhovni]

On Wed, May 04, 2016 at 07:27:19PM +0000, Viktor Dukhovni wrote:

> The overall DANE domain count is now ~29800, but of course this is
> not a dramatic rise in adoption, rather an increase in the breadth
> of the survey.

This count is now at 30976, primarily as new domains are added by
the top hosting providers.

> As expected the bulk of the DANE domains are hosted
> the handful of DNS/hosting providers who've enabled DANE support
> in bulk for the domains they host.  The top five are:
> 
>     16650 transip.nl
>      6020 udmedia.de
>      1110 nederhost.net
>       663 ec-elements.com
>       180 core-networks.de
>     24623 TOTAL

The top 5 are now:

    17537 transip.nl
     6060 udmedia.de
     1113 nederhost.net
      683 ec-elements.com
      225 core-networks.de
    25618 TOTAL

> The number of domains with incorrect TLSA records or failure to
> advertise STARTTLS (even though TLSA records are published) stands
> at 50.

That count is now 60, the domains are below.  If someone has better
contacts than WHOIS for these, that'd be great.

    f2h.at
    hanisauland.at
    bebidaliberada.com.br
    giantit.com.br
    lojabrum.com.br
    prodnsbr.com.br
    simplesestudio.com.br
    sistemasranf.com.br
    solucoesglobais.com.br
    ticketmt.com.br
    twsolutions.net.br
    iress.co
    2cv-club-des-ducs.com
    4nettech.com
    aircargo-statistics.com
    barbarassecret.com
    dentalembezzlement.com
    gedankenausbruch.com
    kkeane.com
    kriegshysterie.com
    lastsip.com
    leatherfest.com
    nctechcenter.com
    prosperident.com
    talideon.com
    tntmonitoring.com
    bels.cz
    101host.de
    1post.de
    apachedemo.de
    badf00d.de
    dopesoft.de
    mcplayman.de
    mrkrabat.de
    thestoneage.de
    22december.dk
    macnaughton.email
    chets.fr
    planissimo.fr
    tni-au.mil.id
    nonoserver.info
    chauvet.me
    rk-mail.me
    stereochro.me
    castleturing.net
    freeservices.net
    kuzenkova.net
    linlab.net
    rk-mail.net
    steelyard.nl
    wm.net.nz
    gazonk.org
    glux.org
    myhead.org
    rogaar.org
    itaskmanager.ovh
    kriegshysterie.ovh
    rk-mail.ovh
    skyneaker.ovh
    taskmanager.ovh

> The number of domains with bad DNSSEC support is 262.

That's now 214.

> The top 10 DNS providers (by broken domain count) are:

  34 isphuset.no
  19 axc.nl
  12 registrar-servers.com
  11 cas-com.net
  11 active24.cz
  10 netcup.net
   8 forpsi.net
   5 pfsc.com
   5 ovh.net
   5 metaregistrar.nl

The folks at netcup.net have just reached out, with a bit of luck
that'll be resolved in the not too distant future.

> Forpsi have indicated they are working on a fix.  Progress at
> isphuset.no (ulimately fsdata.se) is still stalled.  If someone
> has working technical contacts at any of the others, please drop
> me a note.

Still looking for contacts for the other hosting providers.

> The number of domains that at some point were listed in Gmail's
> transparency report is 57 (this is my ad-hoc criterion for a domain
> being a large-enough actively used email domain).

That's now 60.

> Of these 32 are in the most recent report:

That's now 33, with the addition of unitymedia.de.

> The .br TLD still includes too large a fraction (10/50) of domains
> with incorrect TLSA RRs.  This is a result of DNS hosting by
> registro.br, where TLSA records are easy to initially publish, but
> difficult to keep up to date.  

They've acknowledged my request to drop support for TLSA RRs for
the free hosted domains, where there's no easy way to keep the
records current.  Whether they'll take action on that is not yet
clear.

-- 
	Viktor.