Measuring Occurrence of DNSSEC Validation

  • Matthäus Wander
  • Torben Weis
Conference paper

DOI: 10.1007/978-3-642-36516-4_13

Part of the Lecture Notes in Computer Science book series (LNCS, volume 7799)
Cite this paper as:
Wander M., Weis T. (2013) Measuring Occurrence of DNSSEC Validation. In: Roughan M., Chang R. (eds) Passive and Active Measurement. PAM 2013. Lecture Notes in Computer Science, vol 7799. Springer, Berlin, Heidelberg

Abstract

DNSSEC is a security extension that adds public-key signatures to the Domain Name System for the purpose of data authenticity and integrity. While DNSSEC signatures are being deployed on an increasing number of name servers, little is known about the deployment advancements of client-side DNSSEC validation. In this paper we present a methodology to determine whether a client is protected by DNSSEC validation. We applied our methodology over a period of 7 months collecting results from different data sources. After data cleaning, we gathered 131,320 results from 98,179 distinct IP addresses, out of which 4.8% had validation enabled. The ratio varies significantly per country, with Sweden, the Czech Republic and the United States having the largest ratios of validating clients in the field.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Copyright information

© Springer-Verlag Berlin Heidelberg 2013

Authors and Affiliations

  • Matthäus Wander
    • 1
  • Torben Weis
    • 1
  1. 1.University of Duisburg-EssenDuisburgGermany

Personalised recommendations