Understanding Evolution and Adoption of Top Level Domains and DNSSEC

The Domain Name System (DNS) is a hierarchical distributed database that serves as the directory of the Internet by mapping fully qualified domain names to IP addresses. The top level domain (TLD) is the highest level in the DNS hierarchy and until 2012, there had only been 22 of these domains for generic uses (gTLD). ICANN's New gTLD Program has since opened up the domain names to public registration, leading to the creation of thousands of new gTLDs over the last six years. The rapid increase in the number of gTLDs give registrants a wider choice of domain names but it also offers malicious actors more opportunities of attacks. By mirroring the DNS hierarchy, DNSSEC authenticates DNS responses and prevents modified or forged DNS records. We present a longitudinal analysis on the adoption of the new gTLDs and deployment of DNSSEC using data from a large campus network and a national-level authoritative name server. Although the popularity of new gTLDs is rapidly growing across a large number of domains, we find the proportion of queries to new gTLDs overall to remain very low. None of the top-10 queried TLDs were new gTLDs. We find DNSSEC deployment at the national level to be improving but still weaker than global averages. Efforts need to be made to ensure correct DS records are uploaded to the registry to complete the DNSSEC chain of trust.