[dnssec-coord] Large enterprises who have signed their domain with DNSSEC? (other than Comcast and PayPal)

Peter Koch pk at DENIC.DE
Wed Jan 8 08:11:07 PST 2014


Dan,

> Are you aware of any large enterprises (or "enterprises" in general) that have signed their domain(s) with DNSSEC?

what dimension of "large" do you have in mind?  I'm asking since the number of employees, while sometimes scaling with
the revenue and number of customer contacts, is probably more important for validation rather than signing
and there's the whole 'split DNS' discussion.  Or would you want to focus on ITIL/ISO27001 type corps
(as opposed to R.A.Ndom's webshop)?

> As we start work on the next "What Is DNSSEC?" document targeted at enterprises, it would be useful to have a list of enterprises with signed domains that we could reference in accompanying blog posts and materials.

Without picking on any one of your examples in particular, signing the domain is of little effect if
the major lookup target ends up as a CNAME pointing into unsigned land.  While better than nothing,
a 'public recognition' might be premature.

-Peter

PS: out of the 13500 "signed" DE delegations, I know of one big corp that deployed DNSSEC down to the leaves.
    Can't disclose yet, but hope they do that themselves.


More information about the dnssec-coord mailing list