Terry-san,
Has there been any studies done to analyse the number of resolvers taking to the RSS (with query volumes) that do or do not ask for DNSKEY?? (google scholar didn't find anything of note)
We have DITL dataset. However, IP address anonymization makes estimation difficult. I did such research in 2010-2013. - Increase of probable DNSSEC Validations and DNSSEC side effect, 28 July 2013, IEPG Meeting, Berlin, Germany. http://www.iepg.org/2013-07-ietf87/4%20-%20IEPG-201307-fujiwara-02.pdf - Analysis of DITL root data and comparison with jp data , 6 Oct., 2013, DNS-OARC Fall 2013 Workshop, Phoenix, AZ, US. https://indico.dns-oarc.net//getFile.py/access?contribId=1&resId=0&materialI...
Would that not be the categorical definition of DNSSEC validation? Especially in regards to the root server system?
Since many measurement probes send similar queries to root-servers as DNSSEC validators, it may be difficult to accurately determine the number of DNSSEC validators. -- Kazunori Fujiwara, JPRS <fujiwara@jprs.co.jp>