.AT Joins DNSSEC Club with little enthusiasm

Austria (.AT) has joined a club that has members from .AM (Armenia) to .UK (United Kingdom) and beyond, but whose biggest member could be .CZ (Czech Republic), according to the latest .at report.

DNSSEC is a security extension for the Domain Name System (DNS). By using digital signatures it assures the authenticity and integrity of DNS replies. In other words: DNSSEC guarantees the users that they will actually access the right domain without being redirected unnoticed.

Overall there are 313 top level domains around the world, including country codes and generics, but less than one third have a DNSSEC signature. Of those DNSSEC signed 61 are ccTLDs (including .EU), 11 gTLDs and 13 are internationalised domain names including two for Taiwan while the remaining IDNs are for ICANN for test purposes.

Of the statistics given in the .at report for selected TLDs, the largest is .CZ with 330,000 domains signed with DNSSEC, followed by 166,975 in .DE (Germany) and 147,729 .SE (Sweden).

Now that DNSSEC has been signed in .AT it is important that registrars get on board. But registrars are not very interested. The two eco Registrar Atlas reports in 2011 and 2012 found registrars are very ambivalent.

In 2011, 40 per cent of those .AT registrars responding to the questionnaire said they would introduce DNSSEC within the next 12 months, which equals 70 DNSSEC-active registrars in the first half of 2012.

However, reality shows that not even ten per cent (9% – only 14 registrars) of those questioned have actually got onboard and are currently actively using DNSSEC. The eco Registrar Atlas shows a similar outcome for other participating countries. For example, 45 per cent of .DE registrars stated in 2011 that they would implement DNSSEC in 2012 but one year later the number had only increased from 17 to 19 per cent. It is possible, but unlikely, the respondents were different and this could account for the variations.

In .AT, the survey found that while the number of registrars offering DNSSEC has roughly doubled, from (4.6 to 9%) from 2011 to 2012, while a large proportion of the 40.8% of those planning to implement DNSSEC in the next 12 months has clearly not done so. The number of registrars planning to implement DNSSEC in the next 12 months was now only 27 per cent. And while the number saying that had not planned to introduce DNSSEC had dropped from 54.6 per cent to 44 per cent, those not saying had jumped from zero to one in five (20%).

But the future is somewhat bright. More than half of those .AT registrars questioned (51%) are convinced that DNSSEC will prevail as a security standard.

However, almost 70 per cent of those questioned believe that DNSSEC will be (rather) insignificant for them. Not even one quarter (23%) regard DNSSEC as very or rather important.

From a registrants point of view, it seems there is a similar attitude. Only 15 per cent of the registrars state that they have received customer requests for DNSSEC while four in five (80%) have not even received one request.

Part of the reason for the lack of enthusiasm for DNSSEC could have been explained by Thomas Rickert at the Domain Pulse conference in February. Commenting on the then preliminary results of the survey, he said part of the failure could be the industry, particularly registrars and registries, have not created a demand for DNSSEC. And while many internet users are concerned about the security of their data online, they are unaware of DNSSEC and its role.