This feed's current articles are shown below. Subscribe for updates to all the content available in this feed, or click through here to see the original article.
Today, the latest issue of The Domain Name Industry Brief Quarterly Report was released by DNIB.com, showing the fourth quarter of 2025 closed with 386.9 million domain name registrations across all top-level domains (TLDs), an increase of 8.4 million domain name registrations, or 2.2% compared to the third quarter of 2025. Domain name registrations increased by 22.7 million, or 6.2%, year over year.
Check out the latest issue of The Domain Name Industry Brief Quarterly Report to see domain name stats from the fourth quarter of 2025, including:
Top 10 largest TLDs by number of reported domain names, with quarterly renewal percentages when available
Top 10 largest ccTLDs by number of reported domain names, with quarterly renewal percentages when available
Top 10 largest gTLDs by number of reported domain names, with quarterly renewal percentages and other key statistics
In October, stock “short sellers” – investors who bet on the likelihood that stocks will decline in value – published misleading and inaccurate reports about “parked” .com domain names and how those domain names would be affected by ongoing changes to Google AdSense. We believe that the short sellers hoped to profit by declines in our stock price due to the false information they published. While we explained the inaccuracy of these reports at the time of their publication based on historical data, we now have a growing body of publicly available data that empirically refutes the short sellers’ predictions.
Before we review the data, let’s recall what the short sellers said. One of the most dramatic predictions was that 30 percent of the .com domain name base was “at risk of churning” in the next 12 months, as a result of Google AdSense changes. For perspective, 30 percent would equate to “churn” of about 48 million .com domain names. As we noted in October, parked domain names for which the registrant is primarily attempting to monetize traffic with website advertising represent less than two percent of the .com domain name base (as opposed to the 30 percent imagined by short sellers), a percentage that has been declining for more than a decade when Google AdSense changes first began, even as the .com domain name base has steadily grown.
We can now compare publicly available zone data to the short seller predictions. If there existed a “Short Sellers’ Cohort” of about 48 million domain names deleting between late September 2025 – when monetization platforms reported significant impact from the latest Google AdSense changes – and September 2026, we’d expect the .com zone to lose 131,506 domain names per day, above and beyond normal fluctuations we see with the registration and deletion of domain names.
Most domain names have one-year registration terms, which means that since Oct. 1, 2025, nearly a quarter of all .com domain names have reached the end of their terms and were either renewed or deleted, so if the Google AdSense changes represented, as short sellers suggested – a precipitating event for the deletion of a massive number of domain names – we’d expect those deletions to begin right away. We know these Google AdSense changes caused turmoil in recent months among the small group of companies that depended on Google AdSense revenue for parked domain names, so if they were going to impact the .com domain name base significantly, as short sellers predicted, we would expect the effects to be visible right away, and certainly within three months.
Does the zone data reveal evidence of this massive negative impact to the COM zone? No.
The following charts reflect an analysis of publicly available data from ICANN’s Centralized Zone Data Service (CZDS):
The chart shows a seven-day rolling average for COM zone data for the past 12 months. The flat line in the graph shows the average number of zone deletions for the year, and the vertical line notes the time in September when the latest Google AdSense impacts were reported. The data does not show any incremental increase in the number of deletions. Based on this data alone, the Short Sellers’ Cohort of about 48 million “churn” domain names simply cannot exist.
In addition to the zone data, each month ICANN publishes registration and deletion data for all gTLDs including .com, 90-days after it is received. While the September data won’t be publicly available until next month, it should mirror what we are seeing in the publicly available zone data, which is to say, the non-existence of a Short Sellers’ Cohort of about 48 million “at risk” .com domain names.
The clarity of this publicly available data refutes the short sellers’ flawed thesis they propagated in October. We hope that when stakeholders read reports by short sellers, they do so with a clear understanding of the financial motivations that can influence their predictions, and a clear memory of their flawed analysis of the impact on .com from the Google AdSense changes.
The rate of .com domain name turnover remains largely steady over time, consistent with a renewal rate that has been between 73%-75% since 2017. Renewal rates for first-time domain name registrations are lower than those for domain names that have been renewed more than once, contributing to relatively minor variations in that range over time. ↩︎
The Domain Name System Security Extensions (DNSSEC) help protect the integrity of DNS data, supporting both online navigation and other uses of domain names as identifiers in applications. In the time since DNSSEC was first introduced in 2005, both the RSA algorithm and elliptic curve cryptography have served as the primary signature algorithms for DNSSEC. But with the potential of large-scale quantum computing on the horizon, there may soon come a time when those algorithms no longer suffice.
The internet community has recognized this challenge, and preparations are underway to adapt DNSSEC to post-quantum cryptography (PQC). At Verisign, we are working alongside researchers, operators, and standards bodies to develop solutions that balance cryptographic strength with the operational realities of the DNS.
Transitioning DNSSEC to PQC is shaped by two realities. On the one hand, algorithm rollovers are rare and require global coordination—the root KSK rollover, for example, took years of planning. At the same time, PQC algorithms such as the National Institute of Standards and Technology’s (NIST’s) SLH-DSA produce much larger signatures than today’s DNS was designed to handle. Large signatures risk packet fragmentation, performance bottlenecks, and operational complexity for DNS operators.
The transition is therefore not just a cryptography problem—it is equally an engineering and operations challenge.
A Strategy for Resilience
Along with colleagues in the DNS community, Verisign has been pursuing a diversity strategy for DNSSEC: pairing one algorithm that delivers efficient performance in everyday use with another that provides a conservative fallback. We do not yet have a recommendation for a routine performance algorithm but a promising candidate for the fallback is SLH-DSA, a hash-based algorithm with strong security assurances.
To make SLH-DSA practical for DNSSEC, Verisign developed Merkle Tree Ladder (MTL) mode, which uses a Merkle tree structure to amortize the cost of large signatures. Instead of signing each record individually with a post-quantum signature algorithm, MTL mode signs an evolving “ladder” that authenticates multiple messages. Short Merkle tree inclusion proofs are included in place of conventional signatures on the individual DNS records, thus reducing size while preserving security. And while MTL mode can be applied to other signature algorithms, we started with SLH-DSA because it was the most conservatively designed and also had the largest signatures.
Research, Open Source, and Community Collaboration
Progress on PQC DNSSEC has been driven by collaboration across the community, with Verisign actively contributing at every stage. Efforts have spanned research and experimentation, presentations and hackathons at organizations like the Internet Engineering Task Force (IETF), NIST, DNS Operations Analysis and Research Center (DNS-OARC), and collaborations with academic entities.
The IETF is responsible for the DNS and DNSSEC standards. The IETF’s PQC DNSSEC mailing list and side meetings have been productive venues where participants can come together to share their evaluations of various PQC algorithms, experiences implementing SLH-DSA with MTL mode, and related resolver behaviors, as summarized in A Post-Quantum Cryptography Strategy for DNSSEC. IETF Hackathons and independent experiments have extended resolvers such as BIND, NSD, and CoreDNS to support PQC algorithms—including ML-DSA, Falcon, SLH-DSA, and SLH-DSA-MTL—producing real-world data described in PQC DNSSEC Implementation, presented at IETF 123.
NIST’s annual PQC conferences have been valuable opportunities for cryptographers to come together on PQC algorithm research. For this reason, Verisign selected this venue for its first presentation on MTL mode. Engagement has continued through panels on pre-hashing and presentations on strategies for Post-Quantum Cryptography in DNSSEC that support NIST’s ongoing evaluation of additional PQC signature algorithms, some of which may prove useful for DNSSEC long-term as the “routine performance” choice.
Academic and industry researchers have also played a major role. Researchers from Universidad Carlos III de Madrid, University of Ostrava, University of Twente, Virginia Tech, and University of Waterloo (along with SIDN Labs) have conducted feasibility studies and performance evaluations, often in collaboration with Verisign researchers. To make experimentation possible, Verisign has published Internet-Drafts and released open-source implementations of MTL mode, including a reference library and integrations into ldns and the Unbound resolver. By openly publishing IETF Internet-Drafts and making this code available under a royalty-free license, Verisign has supported independent testing and validation of its practicality.
Lastly, but surely not least, the DNS Operator community has a large stake in the ultimate selection and deployment of PQC DNSSEC. Research from the above groups has also been brought to DNS-OARC for further discussion among the operator community.
This ecosystem approach—spanning research, open source, standards, and operator feedback—ensures that multiple perspectives are shaping the future of PQC DNSSEC.
At Verisign, we are proud to contribute to long-term internet security and stability by introducing technologies like MTL mode, publishing open source implementations, and working through the IETF to ensure DNSSEC remains strong and resilient in a post-quantum world. And by making implementations and intellectual property of MTL mode broadly available with royalty-free licenses, we hope to encourage widespread adoption of tools and techniques that better prepare our critical systems for the post-quantum era.
Today, the latest issue of The Domain Name Industry Brief Quarterly Report was released by DNIB.com, showing the third quarter of 2025 closed with 378.5 million domain name registrations across all top-level domains (TLDs), an increase of 6.8 million domain name registrations, or 1.8% compared to the second quarter of 2025. Domain name registrations increased by 16.2 million, or 4.5%, year over year.
Check out the latest issue of The Domain Name Industry Brief Quarterly Report to see domain name stats from the third quarter of 2025, including:
Top 10 largest TLDs by number of reported domain names, with quarterly renewal percentages when available
Top 10 largest ccTLDs by number of reported domain names, with quarterly renewal percentages when available
Top 10 largest gTLDs by number of reported domain names, with quarterly renewal percentages and other key statistics
Today, the latest issue of The Domain Name Industry Brief Quarterly Report was released by DNIB.com, showing the second quarter of 2025 closed with 371.7 million domain name registrations across all top-level domains (TLDs), an increase of 3.3 million domain name registrations, or 0.9% compared to the first quarter of 2025. Domain name registrations increased by 9.3 million, or 2.6%, year over year.
Check out the latest issue of The Domain Name Industry Brief Quarterly Report to see domain name stats from the second quarter of 2025, including:
Top 10 largest TLDs by number of reported domain names, with quarterly renewal percentages when available
Top 10 largest ccTLDs by number of reported domain names, with quarterly renewal percentages when available
Top 10 largest gTLDs by number of reported domain names, with quarterly renewal percentages and other key statistics
Last month, the RSA Conference – one of the world’s largest and most influential forums on cybersecurity and cryptography – honored our colleague, Verisign Chief Technology Officer Burt Kaliski, with a Lifetime Achievement Award for his enduring and significant contribution to the advancement of the cybersecurity industry and cryptography.
At the RSA Conference in San Francisco, Burt was one of two recipients of the coveted award, which is granted to “outstanding leaders who have made significant contributions to the advancement of the cybersecurity industry over their lifetime.” MIT Professor Ron Rivest and Verisign Chairman and CEO, Jim Bidzos, who began building RSA in 1986, before Burt joined in 1989, presented the award.
The RSA Conference acknowledged Burt’s leadership of Verisign’s long-term research program involving internet infrastructure, as well as his previous roles as the founding director of the EMC Innovation Network, vice president of research at RSA Security, and founding chief scientist of RSA Laboratories, where his contributions included the development of the Public Key Cryptography Standards (PKCS).
An outstanding leader, Burt oversees a team of Verisign technologists pursuing critical research into the future of the Domain Name System (DNS), while also continuing to conduct and publish his own groundbreaking research.
Verisign thanks the RSA Conference for recognizing Burt’s decades of vital contributions to the field of cryptography, the broader cybersecurity industry, and DNS technology.
Announcer: To present the RSAC 2025 Conference Lifetime Achievement Award, please welcome institute Professor MIT, Ron Rivest and Chairman and Chief Executive Officer, Verisign, Jim Bidzos.
Ron Rivest: Good afternoon.
Jim Bidzos and I are here to present the RSAC Lifetime Achievement Award to Burton Kaliski.
We’re so proud of him for his accomplishments and for this well-deserved recognition. I met Burt in 1983. He did his bachelor’s, master’s, and PhD thesis with me at MIT finishing in 1988. He was the Founding Chief Scientist at RSA Labs, leading the company’s research team. Burt’s strength in research was evident from his being selected as General Chair of CRYPTO ‘91 and selected as Program Chair of CRYPTO ‘97.
Burt has been involved in many different aspects of cryptography. His most cited paper is “PORs: Proof of Retrievability for Large Files” with Ari Juels, a cryptographic method enabling a server to prove that it actually possesses a particularly large file. Burt understands the importance of standards to a cryptography as standards are necessary for interoperability. He has been very involved in designing and promoting cryptographic standards.
Most recently, Burt has been involved in post-quantum cryptography and has proposed methods for parties to advertise that they have the ability to agree on a secret key, for example. He also developed general methods for using Merkle Trees and hash functions to efficiently sign messages, even signing multiple messages at once. Burt has always been interested in the relationship between theory and practice and in seeing that theoretical advances have practical impact through the development of supportive technology and standards.
For all these accomplishments and more, I’d like to convey my congratulations.
I’d like next to hand the mic, metaphorically, over to Jim Bidzos to make some remarks.
Jim Bidzos: Thank you, Ron.
Dr. Burt Kaliski arrived at RSA Data Security over 35 years ago in 1989. I hired him in September as employee number seven, and its first full-time cryptographer. He joined me and MIT Professor Ron Rivest, who you all know as the co-inventor of the RSA algorithm and co-founder of RSA data security. And when Burt joined us, he went right to work. That year, he was supporting the emerging Privacy Enhanced Mail standard, an effort underway at the IETF. He also began assisting RSA customers who were the leading tech companies of the time, applying his expertise by designing and developing tools and specialized protocols to help them seamlessly integrate cryptography into their products. In 1991, he was leading the efforts to create a broad set of standards for interoperable cryptography, known as PKCS, and the participants included Novell, Lotus, Apple, and Microsoft, among its members.
The seminal PKCS specifications are widely used today. He was a panelist in the first RSA conference in 1991, which today is more aptly named RSAC, and many since. By 1992 at the ripe old age of 28, Dr. Kaliski was the Founding Chief Scientist of RSA Labs, the membership of which included pioneering cryptographers such as Doctors Ron Rivest, Whitfield Diffie, Martin Hellman, and Taher Elgamal, all, by the way, RSAC Lifetime Achievement Award recipients themselves. And all along the way, every year he taught, lectured, and published important research on cryptography, things that he continues to do to this very day.
He has never left the family. He is currently the Chief Technology Officer at Verisign, where I’m the CEO, and Dr. Rivest is an advisor. Burt’s work and his research are present throughout today’s digital world. Many millions around the world can thank Dr. Burt Kaliski for his contributions to the digital privacy they enjoy.
Now, I’ve made many presentations of the RSA Lifetime Achievement Award. I can think of no greater pleasure or honor than to be on this stage today, along with Professor Rivest to present to a colleague and a friend of us both across five decades, this well-earned and deeply deserved recognition. Burt, please join us on stage to accept the award.
Dr. Burt Kaliski: Thank you. It’s an incredible honor to receive this award. Jim and Ron, thank you so much for your generous words. You’ve already given me more than enough for a lifetime by involving me in your historic contributions. And thank you RSAC for this high honor.
Standing here now, I’m so deeply grateful to the strong family members who have stood alongside me with a lifetime of love. My late parents Burt Sr. and Janice, who got me started as a learner. My Uncle Marty, who introduced me to computers and number theory. My accomplished siblings; Kristen, John, Karen and Michael and their families. The incomparable Michele Fichtl Kaliski, my partner in life since our days at MIT. Our son, Steve and daughter Jessie, their spouses Chanya, and Justin, our grandson, Ari.
My appreciation also goes to the leaders in our field who have invested of themselves in my endeavors: the late Denny Branstad, Shafi Goldwasser, and Silvio Micali, who along with Ron advised my research at MIT, Marty Hellman for his many words of wisdom, the excellent executives I’ve reported to, including the late John Adams, Art Coviello, Jeffrey Nick, Todd Strubbe, Danny McPherson, and of course Jim. The scientists who grew RSA Laboratories, Matt Robshaw, Lisa Yin, and Ari Juels, and so many others who have helped me along the way. Thank you.
My friends, do you recall the feeling you had when you first encountered an amazing idea? I still remember when I learned about RSA this way to encrypt with a key that you couldn’t decrypt with. Could this be possible? Yes! A lifetime later I have a name for this sense of discovery, of wonder, that has permeated my career. It’s hope. Hope that if there is one idea that can help the world, then there must be more. That we are not limited by the past. We can build a better future, together. And that if we pursue these gifts with humility, then we may, indeed, also build a lifetime of achievement in the things that matter.
Today, the latest issue of The Domain Name Industry Brief Quarterly Report was released by DNIB.com, showing the first quarter of 2025 closed with 368.4 million domain name registrations across all top-level domains (TLDs), an increase of 4.2 million domain name registrations, or 1.1% compared to the fourth quarter of 2024. Domain name registrations increased by 6.1 million, or 1.7%, year over year.
Check out the latest issue of The Domain Name Industry Brief Quarterly Report to see domain name stats from the first quarter of 2025, including:
Top 10 largest TLDs by number of reported domain names, with quarterly renewal percentages when available
Top 10 largest ccTLDs by number of reported domain names, with quarterly renewal percentages when available
Top 10 largest gTLDs by number of reported domain names, with quarterly renewal percentages and other key statistics
Last month marked 40 years since the registration of the world’s first ever .com domain name – symbolics.com – in March 1985. It’s a time to reflect both on the role .com has played in the evolution and growth of the internet over the past 40 years, and on the importance of ensuring that .com remains secure, stable, and resilient for the billions of people who rely on it every day.
Who could have imagined in 1985 that over the course of the next four decades, internet users would register hundreds of millions of domain names, and that many of those domain names would be instrumental in transforming commerce, entertainment, and communication across the globe? Many of the world’s most influential companies and individuals have chosen .com as the stable foundation for their brands and online presence, and today, .com supports trillions of dollars in global commerce and enables billions of internet users to connect online with confidence – anytime, anywhere.
But while many people interact with .com addresses every day, few know about the powerful technological infrastructure that has made .com a reliable, foundational element of the internet for decades. And while this infrastructure operates largely unseen and unknown, its unparalleled performance and continued evolution has formed the basis for the trust internet users place in .com.
The advanced global technological constellation that powers .com spans more than 60 countries and processes an average of more than 400 billion Domain Name System (DNS) transactions each day. Verisign invests continuously to build and innovate this infrastructure, which is the most technically sophisticated of its kind, and has delivered 100 percent DNS availability for .com for more than 27 years without interruption.
This infrastructure includes an advanced registration system, which reliably updates and maintains an accurate record of all registered .com domain names on a continuous basis, ensuring that millions of registry transactions are processed correctly, and millions of daily changes – including cryptographic updates to support DNS Security Extensions (DNSSEC) – are distributed to a highly resilient global resolution constellation within seconds.
As the steward of .com, Verisign is also responsible for defending it from highly sophisticated and massive volumetric cyberattacks, which is critical to maintaining and extending .com’s unprecedented 27+ year uninterrupted availability record. To accomplish this, Verisign employs a comprehensive enterprise risk management program and threat-driven defensive practices that drive continuous improvements to Verisign’s systems and programs.
The evolution of .com as a secure, stable, and resilient cornerstone of the internet’s global infrastructure over the past several decades has helped to contribute to the overall success and stability of the global DNS over that same period . For instance, Verisign’s pragmatic and deliberate approach in the development and deployment of DNSSEC in the root zone in 2010, followed by .com in early 2011, extended far beyond the infrastructure Verisign operates. Today virtually all internet users worldwide benefit from the enhanced protections that DNSSEC provides. The reason that the DNS – a technology first deployed more than 40 years ago – has been able to keep pace with the rapid evolution of other internet technologies, is thanks to the continued collaboration, cooperation, and dedication of a global community of DNS technologists, of which Verisign is proud to be a part.
The success of this approach is evident every day in the trust that entrepreneurs, innovators, and consumers place in .com and the DNS more broadly to reliably support the most important aspects of their online lives, from business, to banking, to key connections with family and loved ones. Maintaining that trust is the responsibility of every DNS infrastructure operator across the globe and remains at the core of Verisign’s mission.
The story of .com over the past four decades has been written by the millions of internet users who used their .com addresses to build businesses, create communities, and establish their online presence. We’re excited to see what these users have in store for the next 40 years. In the meantime, Verisign remains committed to ensuring the security, stability, and resiliency of .com, which has meant so much to so many people across the globe.
On Jan. 11, 2025, Verisign supported the Internet Corporation for Assigned Names and Numbers (ICANN) in taking a major step to ensure the continued security, stability, and resiliency of the Domain Name System (DNS). While imperceptible to most users, this action – specifically, the introduction of a new Domain Name System Security Extensions (DNSSEC) Key Signing Key (KSK) in the root zone – is the next step of a multi-year-long process to change, or “roll,” the cryptographic key that secures the root of the DNS. In this blog post, we’ll go into more detail about what this means and what observations we can make about the new key, which we refer to as “KSK-2024.”1
Introduction to KSKs and ZSKs
As we’ve discussed on our blog, the root zone utilizes both a KSK and ZSK. ICANN serves as the KSK operator and Verisign serves as the Zone Signing Key (ZSK) operator. This means we work closely with and support ICANN when it comes to KSK rollovers and other important changes to the root zone.
One advantage of the split key design is that the KSK generates relatively few signatures and can be changed infrequently. The ZSK, on the other hand, generates more signatures and is changed more often. Whereas the ZSKs are changed every 90 days, the KSK has only been changed once before, in 2017 (read our older blog posts about the previous root KSK rollover).
KSKs and ZSKs are published in the DNS and become part of the chain-of-trust for validating DNSSEC signatures. One feature of this chain-of-trust is that a parent zone can vouch for the authenticity of the keys in child zones. This is the purpose of the Delegation Signer (DS) record type. As an example, the .com zone has a DS record that authenticates the DNSSEC keys for the example.com zone:
For the root zone, however, this presents a unique challenge because there is no parent for the root zone. Instead, DNS resolvers need to configure a trust anchor which authenticates the root zone KSK.
Generally speaking, there are three methods by which trust anchors are configured in resolvers:
manually by a system administrator
via updates provided by an operating system vendor
through the protocol described in RFC 5011 (“Automated Updates of DNS Security (DNSSEC) Trust Anchors”)
We expect most resolvers will be updated through the RFC 5011 process, due to the fact that it is widely implemented in recursive resolver software and is most likely to result in an updated trust anchor before any of the other methods. RFC 5011 states that when a new KSK first appears, the resolver remembers it and marks it as a candidate for acceptance. If the KSK remains present (and authentic) in the DNS for at least 30 days, the resolver considers it a valid trust anchor and adds it to its permanent trust anchor configuration.
Observing the KSK Adoption Process in Real Time
Thanks to another DNS feature, described in RFC 8145 (“Signaling Trust Anchor Knowledge in DNS Security Extensions (DNSSEC)”) and implemented by many recursive resolver products, we have some visibility into the adoption of a new KSK.
Resolvers that support RFC 8145 will periodically indicate which KSKs are in their trust anchor configuration. They do this by sending a specially formatted DNS query to the name servers of the zone for the corresponding trust anchor. In this case, it’s the root zone, and those queries are sent to the root name servers. As one of the 12 root server operators, Verisign receives these trust anchor signals on an ongoing basis.
It has now been more than 30 days since KSK-2024 was published in the root zone. DNS resolvers that have observed the new key since Jan. 11 should now accept and include it in their trust anchor configuration. In the graph below we can see that, indeed, 91.3% of resolvers now signal that they trust KSK-2024, which is directly in line with the adoption rate we observed at this same time during the last KSK rollover.
Figure 1: This graph shows a sampling of resolvers and which KSK(s) they have configured in their trust anchor, as of March 3, 2025. As expected, the adoption rate of KSK-2024 starkly increased after Feb. 10, once 30 days had passed since the introduction of the new key in the root zone and resolvers began to trust the new key.
A few items to note in this graph:
First, note that 100% of resolvers have KSK-2017 configured as their trust anchor (green line at the top). We expect it to remain like that until after KSK-2017 is revoked in early 2027.
Second, we can see that quite a few resolvers still trust KSK-2010 (purple line), even though it was revoked in 2019. This is most likely due to its lingering presence in operating system software updates.
Third, we can see that a small population of resolvers began including KSK-2024 in their trust anchor configuration in July 2024, right after the key was published in the Internet Assigned Numbers Authority (IANA) trust anchor file on their website. We believe the operators for a small number of resolvers configured it manually.
Continued Uptake and Future Monitoring of KSK-2024 Adoption
At the time of this writing, uptake sits at just shy of 100 percent. But is it a cause for concern that adoption is not yet at a full 100 percent?
In short, the current adoption rate is not concerning. It’s important to remember that the KSK rollover plan includes a long pre-publish period – nearly two years long when all is said and done – and the key won’t be used for generating signatures until October 2026. That means that while some resolvers may not trust the new key yet, there is still plenty of time for all DNS resolvers to accept it, either via the RFC 5011 process, software updates, or manual configuration.
Verisign will continue to monitor the uptake of KSK-2024 through trust anchor signals and other means, and we’ll work closely with ICANN and other research partners to track its progress. All in all, we are highly optimistic about a successful rollover process that helps continue to keep the DNS secure, stable, and resilient, beginning with the publication of this new KSK in the root zone.
Footnotes
The root zone KSK rollover is a multi-year process. This one began in April 2024 when the key was generated, hence the name “KSK-2024.” The next milestone is scheduled for October 2026 when the new key will first be used for generating signatures. ↩︎
Today, the latest issue of The Domain Name Industry Brief Quarterly Report was released by DNIB.com, showing the fourth quarter of 2024 closed with 364.3 million domain name registrations across all top-level domains (TLDs), an increase of 2.0 million domain name registrations, or 0.5% compared to the third quarter of 2024. Domain name registrations increased by 4.4 million, or 1.2%, year over year.
Check out the latest issue of The Domain Name Industry Brief Quarterly Report to see domain name stats from the fourth quarter of 2024, including:
Top 10 largest TLDs by number of reported domain names, with quarterly renewal percentages when available.
Top 10 largest ccTLDs by number of reported domain names, with quarterly renewal percentages when available.
Top 10 largest gTLDs by number of reported domain names, with quarterly renewal percentages and other key statistics.
