We noticed some exciting news via Twitter from the .ch registry SWITCH recently:
For the first time, more than 10% of all .ch domain names are signed with #DNSSEC on #1August 🇨🇭🥳. The number of signed names is increasing sharply as more registrars and hosters offer enhanced security for their domain customers. pic.twitter.com/xCG8eeCpss— Michael Hausding (@mhausding) August 2, 2021
Twitter’s image cropping can sometimes obscure Michael’s point about ‘increasing sharply’. You can see more clearly the striking growth in DNSSEC-signed domain names that he’s referring to here:
Just about every Internet communication starts with a Domain Name System (DNS) lookup. The DNS is an essential piece of Internet infrastructure that translates human-friendly names (internetsociety.org) into computer-friendly numbers (2001:41c8:20::b31a).
Like many other components of the Internet, the DNS started out in an insecure form in a vastly different Internet landscape. Today, security and trustworthiness are vital foundations for the ongoing evolution and growth of a robust Internet that benefits users everywhere. DNS Security Extensions (DNSSEC) was developed to provide an additional level of security using cryptographic techniques to validate the authenticity of DNS information.
Signing the domain and installing security keys in the root zone of the DNS is only a first step to more widespread DNSSEC deployment, but it’s an important one. Incentivising registrants to sign their domains is also key, as is encouraging ISPs to enable DNSSEC validation in the recursive resolvers they provide to their subscribers.