DNSSEC Signing for .ch and .li on the Rise

The share of DNSSEC signed domain names in .ch and .li reached 1% for the first time in June 2017. While this is still a very low number compared to other ccTLDs, the number of DNSSEC signed domain names is increasing at a high rate for the last two quarters.


The Domain Name System Security Extensions (DNSSEC) is a set of technologies that secures the origin authentication and data integrity of the Domain Name System. It allows to detect DNS records that have been modified on the way from the authoritative name server to the client using a domain name. This helps to protect Internet users from going to bogus websites.

In addition from protecting Internet users from cybercriminals and state sponsored actors, DNSSEC is the base for important standards such as DNS-based Authentication of Named Entities (DANE).

DNSSEC in .ch and .li

DNSSEC was enabled for the .ch and .li zones in 2010 but unfortunately received a slow adaptation by domain holders. From 2013 there was a slow but steady growth of domain names signed with DNSSEC. In November 2016 we noticed a increased rate of DNSSEC signed domain names that accelerated in April 2017.

From now on SWITCH will publish statistics about the number of signed domain names for both ccTLDs .ch and .li on the nic.ch and nic.li website.

DNSSEC Signed Domain Names in .ch   DNSSEC Signed Domain Names in .li

Two Registrars Signing Domain Names with DNSSEC for their Customers

The reason for the growth can be explained when we look at the registrars of the DNSSEC signed names in .ch and .li. There are two registrars for .ch and .li domain names (Infomaniak and OVH) that have simplified DNSSEC signing domain names with just one click for the customer. Infomaniak even goes one step further by automatically enabling DNSSEC signing of newly registered domain names by default since April 5 2017. According to Infomaniak 84.77% of all customers leave this option activated and secure their domain name with DNSSEC.


20’637 DNSSEC signed domain names by 1st of June 2017 distributed by registrar

Secure your .ch or .li  Domain Name with DNSSEC Now!

If you are a customer of OVH or Infomaniak, it is quite easy to sign your domain name with DNSSEC. You just need to log in to the management tool and activate DNSSEC. After a short delay of up to one day, your domain name is signed and protected with DNSSEC.

One-click DNSSEC activation as shown on the Infomaniak management tool

If you are a customer of another registrar, ask you registrar to support DNSSEC signing of domain names.

The DNSSEC signing of a domain name by the registrar is easy if you use your registrars name servers, something the majority of all registered .ch and .li domain holder do. If you are running you own DNS server it requires some more steps. The Internet Society has published some information on how to deploy DNSSEC with the Deploy360 Programme.

Author: Michael Hausding

Competence Lead DNS & Domain Abuse at SWITCH the ccTLD registry for .ch & .li

One thought on “DNSSEC Signing for .ch and .li on the Rise”

Comments are closed.

%d bloggers like this: