DNSSEC, Italian Public Administration failing

This is a follow-up from my 2014 article: DNSSEC, unidentified flying object in the sky over Italian Public Administration

Five years have passed, but no good news about Public Administration and DNSSEC in Italy.

DNNSEC (a set of extensions to DNS documented since 2005 by RFCs 4033, 4034, 4035) effectively protects applications from using forged or manipulated DNS data (for example consider DNS cache poisoning threats).

Look at this short presentation to learn more.

The Italian Registry of “.it” domain names provides the registrars with the possibility to manage DNSSEC.

How many of them are DNSSEC enabled, since registro.it made the service available in 2018?

Out of 1.235 registrars, only 25 of them are DNSSEC enabled: it’s 2%.

Let’s give a look at the ccTLD DNSSEC situation all over the planet:

Now, to better understand which great effort is needed in order to secure Public Administrations’ domain names with a DNSSEC chain, look at our study findings:

8.372 domain names examined

DNS security extensions are deployed just on one of them, yes 1:


San Gimignano is a small municipality in Tuscany, where a smart engineer, Claudio Perrone, is making a difference and clearly outperforms anybody else in the IT field. Congratulations Claudio on your achievement.

Leave a Reply