What have we seen in terms of DNSSEC deployment around the world? Are there general trends or themes we can understand? Can we dive a bit deeper into some of the algorithms used in DNSSEC signatures?
In an October 2012 presentation to NANOG 56, Ed Lewis of Neustar dug into all these questions and more. The slides make for interesting reading, particularly some of the details about which crypto algorithms were used and what key lengths were used. He also looked at the frequency of key changes, key rollover processes and included a whole section on NSEC/NSEC3 records.
All in all an interesting set of data and some good recommendations around guidance that is needed for the industry. Well worth your time to scan through the slide deck if you are interested in statistics around DNSSEC deployment.
