[dnssec-deployment] Some DNSSec statistics

Lutz Donnerhacke lutz at iks-jena.de
Tue May 29 04:08:49 EDT 2007 

Overview of 1480 signed zones:
    714 -370 Entry Point
     11   +3 broken chain
    235   -2 chained
     26  +20 new
    494 +364 unreachable

Top 10 autonomous systems injecting DNSSec zones:
    440      AS15725
    387   +1 AS3265
     70      AS3333
     69  +26 AS3245
     68   -1 AS3557
     45      AS16350
     31      AS25537
     27      AS24776
     23      AS39570
     17      AS36810

Top 10 TLD containing DNSSec zones:
    356   -3 NL
    241   -1 ARPA
    220   +1 DE
    212      COM
     70      SE
     70  +26 BG
     64      ORG
     53   -1 NET
     32   -1 RU
     26      INFO

223 (-345) weak keys:
Top 10 autonomous systems injecting weak keys:
     31      AS25537 
     27      AS24776 
     13      AS3216 
     12   +2 AS7132 
     12      AS29632 
      7      AS20943 
      7 -347 AS3265 
      5   -1 AS8228 
      5      AS8683 
      4      AS546 

11 (+3) broken DS chains:
  17.32.198.in-addr.arpa, 42.32.198.in-addr.arpa, wesh.netsec.tislabs.com
  badds.dnssec.jp, hostcount.ripe.net, k.ripe.net, ris.ripe.net
  jelte.nlnetlabs.nl, bitstring.se, xn--ihrn-dpa.se
  xn--lda-ula.xn--ihrn-dpa.se

23 (+9) parent DS to unsigned zones:
  228.111.193.in-addr.arpa, 98.227.193.in-addr.arpa, 128.111.89.in-addr.arpa
  129.111.89.in-addr.arpa, 130.111.89.in-addr.arpa, 131.111.89.in-addr.arpa
  132.111.89.in-addr.arpa, 133.111.89.in-addr.arpa, 134.111.89.in-addr.arpa
  135.111.89.in-addr.arpa, 136.111.89.in-addr.arpa, 137.111.89.in-addr.arpa
  138.111.89.in-addr.arpa, 139.111.89.in-addr.arpa, 140.111.89.in-addr.arpa
  demo.netsec.tislabs.com, isles.netsec.tislabs.com, lindy.netsec.tislabs.com
  mike.netsec.tislabs.com, orange.dnssec.jp, segdns.test.mx, ldap.trstech.net
  a.smallzone.uk-dnssec.nic.uk

16 (-1) unnecessary islands:
  64-26.0.149.193.in-addr.arpa, 0.68.193.in-addr.arpa
  241.75.217.in-addr.arpa, 3.1.6.0.0.1.6.0.1.0.0.2.ip6.arpa
  7.f.3.0.8.3.8.0.1.0.0.2.ip6.arpa, badnxt.dnssec.jp
  nods-ns.test.dnssec-tools.org, autonomica.se, cafax.se, echo-lan.se
  hooden.se, nning.se, shinkuro.se, skabb.se, staver.se, zkt.se

494 (+364) unreachable zones:
Top 10 autonomous systems containing unreachable zones:
    380 +375 AS3265  
     45      AS16350  
      4      AS5537  
      2   -2 AS10370  
      2      AS9150  
      2      AS20857  
      2      AS3561  
      1      AS39003  
      1      AS12996  
      1      AS31680  


-- 
Detailed list: https://www.iks-jena.de/leistungen/dnssec.php

More information about the Dnssec-deployment mailing list