by tptacek 2016 days ago
Some color to this: it's less than 2% of North American domains, the number of signed zones has actually dropped in some intervals, and it's practically nonexistent among big companies with security teams. Google isn't DNSSEC-signed. Neither is Microsoft. Or Facebook. Or Amazon (whose DNS service, Route53, doesn't implement DNSSEC). Or, last I checked, any US bank.

You can check this for yourself: make a list of domains, and then write a trivial script:

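    #!/bin/sh
    # Reads one domain per line from stdin and prints any DS records
    # published for it at the parent zone.
    while read -r domain
    do
      # An empty result means no DS record exists for the domain.
      ds=$(dig ds "$domain" +short)
      echo "$domain $ds"
    done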