anuragbhatia.com – DNS, BGP, Anycast, IPv6 & more!

07 Sep

DNSSEC deployment across the ccTLDs

While I am spending time on APNIC’s security workshop here at APNIC 46, I got curious about DNSSEC deployment across ccTLDs.

For those who may be unaware, DNSSEC adds signature the DNS responses making it possible to cryptographically verify a DNS query response.

Out of 254 ccTLDs, 125 support DNSSEC with a published DS record (at least that is what I get when I check their zone) and 129 do not support it as yet. So, for now, it is at 49.21%.

ccTLD	Status
ac	TRUE
ad	TRUE
ae	FALSE
af	TRUE
ag	TRUE
ai	FALSE
al	FALSE
am	TRUE
an	FALSE
ao	FALSE
aq	FALSE
ar	TRUE
as	FALSE
at	TRUE
au	TRUE
aw	TRUE
ax	TRUE
az	TRUE
ba	FALSE
bb	FALSE
bd	FALSE
be	TRUE
bf	FALSE
bg	TRUE
bh	FALSE
bi	FALSE
bj	FALSE
bl	FALSE
bm	TRUE
bn	FALSE
bo	FALSE
bq	FALSE
br	TRUE
bs	FALSE
bt	TRUE
bv	FALSE
bw	TRUE
by	TRUE
bz	TRUE
ca	TRUE
cc	TRUE
cd	FALSE
cf	FALSE
cg	FALSE
ch	TRUE
ci	FALSE
ck	FALSE
cl	TRUE
cm	FALSE
cn	TRUE
co	TRUE
cr	TRUE
cu	FALSE
cv	FALSE
cw	FALSE
cx	TRUE
cy	FALSE
cz	TRUE
de	TRUE
dj	FALSE
dk	TRUE
dm	FALSE
do	FALSE
dz	FALSE
ec	FALSE
ee	TRUE
eg	FALSE
eh	FALSE
er	FALSE
es	TRUE
et	FALSE
eu	TRUE
fi	TRUE
fj	FALSE
fk	FALSE
fm	FALSE
fo	TRUE
fr	TRUE
ga	FALSE
gb	FALSE
gd	TRUE
ge	FALSE
gf	FALSE
gg	FALSE
gh	FALSE
gi	TRUE
gl	TRUE
gm	FALSE
gn	TRUE
gp	FALSE
gq	FALSE
gr	TRUE
gs	TRUE
gt	FALSE
gu	FALSE
gw	TRUE
gy	FALSE
hk	TRUE
hm	FALSE
hn	TRUE
hr	TRUE
ht	FALSE
hu	TRUE
id	TRUE
ie	TRUE
il	TRUE
im	FALSE
in	TRUE
io	TRUE
iq	FALSE
ir	FALSE
is	TRUE
it	TRUE
je	FALSE
jm	FALSE
jo	FALSE
jp	TRUE
ke	TRUE
kg	TRUE
kh	FALSE
ki	TRUE
km	FALSE
kn	FALSE
kp	FALSE
kr	TRUE
kw	FALSE
ky	TRUE
kz	FALSE
la	TRUE
lb	TRUE
lc	TRUE
li	TRUE
lk	TRUE
lr	TRUE
ls	FALSE
lt	TRUE
lu	TRUE
lv	TRUE
ly	FALSE
ma	TRUE
mc	FALSE
md	FALSE
me	TRUE
mf	FALSE
mg	TRUE
mh	FALSE
mk	FALSE
ml	FALSE
mm	TRUE
mn	TRUE
mo	FALSE
mp	FALSE
mq	FALSE
mr	FALSE
ms	FALSE
mt	FALSE
mu	FALSE
mv	FALSE
mw	FALSE
mx	TRUE
my	TRUE
mz	FALSE
na	TRUE
nc	TRUE
ne	FALSE
nf	TRUE
ng	FALSE
ni	FALSE
nl	TRUE
no	TRUE
np	FALSE
nr	FALSE
nu	TRUE
nz	TRUE
om	FALSE
pa	FALSE
pe	TRUE
pf	FALSE
pg	FALSE
ph	FALSE
pk	FALSE
pl	TRUE
pm	TRUE
pn	FALSE
pr	TRUE
ps	FALSE
pt	TRUE
pw	TRUE
py	FALSE
qa	FALSE
re	TRUE
ro	TRUE
rs	FALSE
ru	TRUE
rw	FALSE
sa	TRUE
sb	TRUE
sc	TRUE
sd	FALSE
se	TRUE
sg	TRUE
sh	TRUE
si	TRUE
sj	TRUE
sk	FALSE
sl	FALSE
sm	FALSE
sn	TRUE
so	FALSE
sr	FALSE
ss	FALSE
st	FALSE
su	TRUE
sv	FALSE
sx	TRUE
sy	FALSE
sz	FALSE
tc	FALSE
td	FALSE
tf	TRUE
tg	FALSE
th	TRUE
tj	FALSE
tk	FALSE
tl	TRUE
tm	TRUE
tn	TRUE
to	FALSE
tp	FALSE
tr	FALSE
tt	TRUE
tv	TRUE
tw	TRUE
tz	TRUE
ua	TRUE
ug	TRUE
uk	TRUE
um	FALSE
us	TRUE
uy	TRUE
uz	FALSE
va	FALSE
vc	TRUE
ve	FALSE
vg	FALSE
vi	FALSE
vn	TRUE
vu	TRUE
wf	TRUE
ws	TRUE
yt	TRUE
za	TRUE
zm	TRUE
zw	FALSE

About all TLDs in the root zone

There are 1540 TLDs right now in the root zone out of which 145 do not support DNSSEC as yet (129 of that is ccTLD alone). 1396 do have DS record at the DNS zone in TLD level. I have published the full list here.

Note: Full DNSSEC support is more than just DS record in the zone.

06 Sep

CDN Caching Panel discussion at APNIC 46

I am in Noumea in New Caledonia in the Pacific Islands. Next week we have APNIC 46 conference and I would be moderating an exciting panel discussion with friends from Akamai, Cloudflare, Facebook and more about working of CDNs.

If attending APNIC 46, please come & join this session –https://conference.apnic.net/46/program/schedule/#/day/7/panel-cdn-caching

If you are interested in connecting to Hurricane Electric (AS6939) in this region, please do drop me a message. (List of our PoPs in the region here)