Perhaps old news to some/many of you who got the news earlier via Twitter:
https://twitter.com/VDukhovni/status/1066050163356127232 but for anyone who missed it, yesterday saw an ~120% jump in the number/fraction of DNSSEC signed domains that have DANE TLSA records for their MX hosts: http://stats.dnssec-tools.org/#graphs As of today, ~739 thousand or ~8.4% out of the ~8.76 million domains covered in my DANE/DNSSEC survey have DANE TLSA records for all their MX primary hosts. Indeed all but ~1900 have DANE TLSA records for all their MX hosts, primary or otherwise. This is a result of DNSSEC and DANE TLSA deployment at one.com, where ~400k DNSSEC-signed customer domains that are MX-hosted by one.com now have MX hosts with signed TLSA records. Thanks and congratulations to one.com for helping to move DANE adoption to this new level. I hope that more providers will do likewise soon, and that DANE will before too long become the norm for DNSSEC-signed domains. -- Viktor. -- Viktor.
