About RIPE | Contact  | Search | Sitemap    
Homepage RIPE  
RIPE Community Mail Archives
search  
     
Next Sectionyou are here: RIPE -> RIPE Maillists > Archives
RIPE Navigation Ends
About RIPE Maillists
Maillists Archive
Global Lists
Non Active Lists
RIPE NCC Navigation Ends
Next Section
<<< Chronological >>> Author Index    Subject Index <<< Threads >>>

Re: [dns-wg] dnssec statistics action point 52.2

  • To: "Brett Carr" brettcarr@localhost
  • From: Edward Lewis <Ed.Lewis@localhost
  • Date: Mon, 18 Sep 2006 12:36:40 -0400
At 16:11 +0200 9/18/06, Brett Carr wrote:

At the RIPE 52 meeting, the DNS Working Group asked us to provide
statistics on secured delegations within RIPE NCC hosted zones.

At the time of this e-mail, the figures are as follows:

Total number of zones hosted as a primary by RIPE NCC - 113
Total number of primary zones that are signed - 72
Total number of NS records in all zones - 521,811
Total number of DS records in all zones - 61

We are of course happy to answer any questions about these numbers.
Thanks for the numbers. What I would like to do is to measure the community interest in DNSSEC in terms of how many are deploying DNSSEC, and so I have some questions.
As far as the 521,811 NS records - how many different "sets" of NS records does that represent. Specifically, how many of those delegations are to outside (non-RIPE NCC) administrations?
Same for the DS records. How many sets, and how many sets to outside administrations?
The measure of adoption I am looking at is what percent of zones delegated away from RIPE NCC are signed. It would also be interesting, but probably too time consuming, to find the percentage of administrations with delegations that are deploying DNSSEC. (I.e., you may have 10 zones signed, but that could represent just 1 administration.) 



Background Information:

The RIPE NCC hosts the majority of the 41 unsigned zones on behalf of
third parties. We can and will continue to expand the list of signed zones.

The current keys for all zones that we sign are available at:
https://www.ripe.net/projects/disi/keys/ripe-ncc-dnssec-keys-new.txt

We accept signed delegations (DS records) for all in-addr.arpa zones
where we are primary.

We cannot currently accept signed delegations (DS records) for those
zones in ERX space, where we are not primary for the zone.

The two graphs attached to this e-mail show the distribution of both NS
and DS records.

Regards.

Brett.

--
Brett Carr                              RIPE Network Coordination Centre
Systems Engineer -- Operations Group    Amsterdam, Netherlands
GPG Key fingerprint = F20D B2A7 C91D E370 44CF  F244 B6A1 EF48 E743 F7D8


Attachment converted: Macintosh HD:NSStats.gif (GIFf/«IC») (0027C820)
Attachment converted: Macintosh HD:DSStats.gif (GIFf/«IC») (0027C821)


--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis                                                +1-571-434-5468
NeuStar

Secrets of Success #107: Why arrive at 7am for the good parking space?
Come in at 11am while the early birds drive out to lunch.
Post To The List:

Replies

Message References

<<< Chronological >>> Author    Subject <<< Threads >>>
 

Next Section
     About RIPE | Site Map | LIR Portal | About the RIPE NCC | Contact | Copyright Statement
RIPE.NET Homepage LIR Portal RIPE Community