Just about every Internet communication starts with a Domain Name System (DNS) lookup. The DNS is an essential piece of the Internet infrastructure that translates human-friendly names (internetsociety.org) into computer-friendly numbers (2001:41c8:20::b31a). Learn more about DNSSEC.
Like many other components of the Internet, the DNS started out in an insecure form in a vastly different Internet landscape. Today, security and trustworthiness are vital foundations for the ongoing evolution and growth of a robust Internet that benefits users everywhere. DNS Security Extensions (DNSSEC) provide an additional level of security using cryptographic techniques to validate the authenticity of DNS information.
To date, 148 countries have DNSSEC-enabled ccTLDs (Figure 1, blue line), with Kazakhstan (.kz) and Haiti (.ht) joining this group in the first quarter of 2023.
Signing the domain and installing security keys in the root zone of the DNS is only a first step to more widespread DNSSEC deployment, but it’s an important one. Incentivizing registrants to sign their domains is also key, as is encouraging ISPs to enable DNSSEC validation in the recursive resolvers they provide to their subscribers.
You can continue to observe the steady increase in ccTLD DNSSEC adoption and the adoption of DNSSEC validation via our Pulse Enabling Technologies page.