<font color='black' size='2' face='arial'>
<div style="line-height: 1.25em; font-family: Helvetica, Arial, FreeSans, sans-serif; font-size: 14px; background-color: rgb(255, 255, 255); ">At the <a href="https://events.nordu.net/display/ndn2012web/Programme" style="color: rgb(0, 88, 149); text-decoration: none; ">Nordunet 2012 conference</a> in September, a <a href="https://events.nordu.net/display/ndn2012web/DNSSEC%3A+from+root+to+%28brown%29+leaves%3A+Lessons+%20learned+from+4+years+of+active+deployment+-+2" style="color: rgb(0, 88, 149); text-decoration: none; ">presentation</a> included the assertion that "more than 80% of domains could use DNSSEC if they so chose." This is an interesting claim that speaks to a very rapid rise in the deployment of DNSSEC in recent years, and it raises many questions about the overall status of DNSSEC deployment in today's Internet. While the effort to secure the operation of the DNS dates back for more than 10 years (See earlier articles on DNSSEC in <a style="color: rgb(0, 88, 149); ">August</a>, <a href="http://www.potaroo.net/ispcol/2006-09/dnssec2.html" style="color: rgb(0, 88, 149); text-decoration: none; ">September</a> and <a href="http://www.potaroo.net/ispcol/2006-10/dnssec3.html" style="color: rgb(0, 88, 149); text-decoration: none; ">October</a>2006, and an update in <a href="http://www.potaroo.net/ispcol/2010-06/dnssec.html" style="color: rgb(0, 88, 149); text-decoration: none; ">June</a> 2010), the recent impetus for DNSSEC adoption came from the acknowledgement of vulnerabilities in the DNS with the widespread publication of a viable form of attack on DNS resolvers (the "<a href="http://www.linuxjournal.com/content/understanding-kaminskys-dns-bug" style="color: rgb(0, 88, 149); text-decoration: none; ">Kaminsky DNS attack</a>", reported in 2008), and DNSSEC-signed DNS root zone, which commenced on 15 July 2010. The question now is: how is all this playing out in the world of the DNS? How many DNS zones are DNSSEC-signed? To what extent are Internet user's able to trust in the integrity of DNS name resolution? How many Internet users use DNS resolvers that perform DNSSEC validation?</div>
<div style="line-height: 1.25em; font-family: Helvetica, Arial, FreeSans, sans-serif; font-size: 14px; background-color: rgb(255, 255, 255); ">There are certainly a number of very positive individual stories about the extent of DNSSEC adoption. In a recent <a href="https://www.sidn.nl/en/news/news/article/more-than-one-million-nl-domain-names-secured-with-dnssec/" style="color: rgb(0, 88, 149); text-decoration: none; ">announcement</a> the operator of the Netherlands ccTLD reported more than 1 million DNSSEC-signed domain name delegations, which is <a href="http://xs.powerdns.com/dnssec-nl-graph" style="color: rgb(0, 88, 149); text-decoration: none; ">reported</a> to make .nl the TLD with the most signed delegations. On a more general level we are aware at in September 2012 some 64 country code Top Level Domains (ccTLD) are DNSSEC-signed, as are many of the generic TLDS (gTLDs) including .com, .net and .org.</div>
<div style="line-height: 1.25em; font-family: Helvetica, Arial, FreeSans, sans-serif; font-size: 14px; background-color: rgb(255, 255, 255); ">But are there some more general questions about the adoption of DNSSEC that we could answer by various forms of direct measurement across the entirety of the Internet? Perhaps if we could undertake a measurement exercise that could answer some, or even all, of the following questions, then we'd have a better idea as to the extent to which DNSSEC is available and being used in today's Internet:</div>
<ul style="font-family: Helvetica, Arial, FreeSans, sans-serif; font-size: 14px; background-color: rgb(255, 255, 255); "><li>How many zones are DNSSEC signed?</li><li>How many DNS queries are DNSSEC-validated?</li><li>How many DNS resolvers are DNSSEC-capable?</li><li>How many users are using DNSSEC-aware DNS resolvers?</li></ul>
<div style="line-height: 1.25em; font-family: Helvetica, Arial, FreeSans, sans-serif; font-size: 14px; background-color: rgb(255, 255, 255); ">Of course answering these questions is not necessarily easy. Lets look at each of these questions and see if it is feasible to undertake a measurement exercise that could provide an answer.</div>
<div style="line-height: 1.25em; font-family: Helvetica, Arial, FreeSans, sans-serif; font-size: 14px; background-color: rgb(255, 255, 255); "><br>
</div>
<div style="line-height: 1.25em; font-family: Helvetica, Arial, FreeSans, sans-serif; font-size: 14px; background-color: rgb(255, 255, 255); ">Visit the following URL for the full article.</div>
<div style="line-height: 1.25em; font-family: Helvetica, Arial, FreeSans, sans-serif; font-size: 14px; background-color: rgb(255, 255, 255); "><br>
</div>
<a href="https://labs.ripe.net/Members/gih/counting-dnssec">https://labs.ripe.net/Members/gih/counting-dnssec</a>
<div><br>
</div>
<div><br>
</div>
<div>===============================</div>
<div>Mr. Esam Abulkhirat</div>
<div>Acting Director,</div>
<div>Information Security Department,</div>
<div>Ministry of Communications and Informatics,</div>
<div>Libya,</div>
<div><br>
</div>
<div><br>
<div style="clear:both"><br>
</div>
</div>
</font>