CZ.NIC, z.s.p.o., is an interest association of legal entities, founded in 1998 by leading providers of Internet services in the Czech Republic. The principal duties and activities of the association include operation of the .CZ domain registry and DNS servers for the .CZ top-level domain (TLD).

The annual domain report is an on-line publication that offers key statistical facts about the status and dynamics of the Czech country-code TLD (ccTLD), which is primarily used by subjects in the Czech Republic – individuals and organisations.

The graphs and tables are organised into several sections illustrating various aspects of the registry and domain operation. Most charts are interactive: additional information can be obtained by placing the mouse cursor over graphical components of such a chart. In multivariate graphs, each variable can be switched off or on by clicking on the corresponding entry in the legend.

Domain Registrations

In the last two domain reports (2020 and 2021) we observed accelerated year-over-year growth of 3.2% and 3.8%, respectively, in the total number of .CZ domains. In 2022 we saw a slightly smaller YoY increase of 2.7%, and the number of second-level domains registered under .CZ reached 1 463 116 by the end of 2022. The last three years of noticeable growth disrupted the previous saturating trend.

The increases observed in 2020 and 2021 could undoubtedly be attributed to the effects of the COVID-19 pandemic, as a large portion of business and social activities were moved to the Internet. We therefore assumed that the growth of 2022 was mainly caused by another major crisis, namely the aggression of the Russian Federation against Ukraine. Upon closer investigation, however, this hypothesis turned out to be false. The following chart shows monthly domain registrations in 2022 compared to the last “normal” year so far (2019), and the first year of the COVID-19 pandemic (2020). Whereas in the 2020 data we can see two pronounced peaks (March–May and October–November) coinciding with outbreaks of the pandemic in the Czech Republic, registrations in 2022 follow the more usual quasi-convex shape with no clear anomaly near the beginning of the war in Ukraine.

Domain Geography

Each domain is registered for a concrete domain holder, which may be a person or a company – either holder category has a share of almost exactly 50%. Obviously, most of the .CZ domains (1 322 088, i.e. 90.36%) have holders with Czech addresses. The following table and map show their distribution among the 14 regions of the Czech Republic, as well as the number of domains per 100 citizens. The regions with the highest relative increase in the number of domains are Zlínský (2.1%) followed by Praha (1.7%), and the region with the lowest relative increase is Karlovarský (0.03%).

| Region | Domains | Domains per 100 citizens |
|---|---|---|
| Praha | 427 488 | 32.42 |
| Jihomoravský | 160 366 | 13.47 |
| Středočeský | 139 586 | 10.10 |
| Moravskoslezský | 99 591 | 8.29 |
| Zlínský | 62 386 | 10.70 |
| Jihočeský | 55 851 | 8.68 |
| Ústecký | 52 311 | 6.37 |
| Pardubický | 49 829 | 9.55 |
| Královéhradecký | 49 185 | 8.92 |
| Olomoucký | 45 746 | 7.24 |
| Plzeňský | 44 702 | 7.59 |
| Vysočina | 37 974 | 7.45 |
| Liberecký | 37 964 | 8.56 |
| Karlovarský | 15 847 | 5.38 |
| Unknown | 43 262 | |

The share of domains held by foreign holders is currently 9.64%. The distribution of domains among the top ten countries of their domicile is shown in the table below. It is worth noting that the number of domains held by US holders more than doubled in 2022 and surpassed Slovakia.

| Country | Domains |
|---|---|
| United States | 29 047 |
| Slovakia | 27 119 |
| Germany | 15 335 |
| China | 11 923 |
| Poland | 6 221 |
| France | 5 707 |
| Italy | 5 612 |
| United Kingdom | 4 808 |
| Netherlands | 4 170 |
| Switzerland | 3 076 |
| Other | 28 010 |

The changes in the last three years are shown in the following slope graph. Apart from the United States, we can observe steep increases for China and Italy in 2022, while Germany has grown negligibly after several years of a slow descent.

The following zoomable map captures the worldwide distribution of .CZ domain holder addresses. Most holders are in the northern hemisphere (Europe and North America), but lonely holders can also be found in exotic countries such as Bolivia, North Korea, Yemen, various Caribbean islands or sub-Saharan countries.

Domain Names

Each second-level domain is identified in the .CZ registry by a unique label (the part before .cz). According to RFC 1035, it may consist of at most 63 characters. Excessively long domain names are of course not very convenient, so only eight of the .CZ domains have labels of the maximum length. On the other hand, short labels are much more popular. In particular, all 36 one-character labels (26 letters and 10 digits) are already taken.

The following histogram shows the actual distribution of label length. The median is 10 characters.

The table below lists the top 10 domains with the largest number of characters (.cz not included).

| Domain name | Number of characters |
|---|---|
| ceske-solarni-osvetleni-eco-bioled-pro-golfova-hriste-skiresort.cz | 63 |
| ff7b9170a63aac451924d89512e60fd87accce9a0f7e817300eb69082272ee4.cz | 63 |
| hryhryhryhryhryhryhryhryhryhryhryhryhryhryhryhryhryhryhryhryhry.cz | 63 |
| nakosikarnecz-lookinlifecz-barahcz-davson98cz-maillefer-clcz-go.cz | 63 |
| nonstopradio-zastav-se-a-poslouchej-hity-od-80let-po-soucasnost.cz | 63 |
| prvni-nejdelsi-domena-v-ceske-republice-ktera-ma-prave-63-znaku.cz | 63 |
| toto-je-velmi-vysoce-kvalitni-domena-takze-vypadni-a-dej-sii-ze.cz | 63 |
| vlastnitnejdelsimoznouczdomenujevelmizajimavaaletakyzbytecnavec.cz | 63 |
| nepodariloseminajitzadnevhodnejsidomenovejmenokterebybylovolne.cz | 62 |
| supervize-metodikysqss-poradenstvi-vzdelavani-socialniprace-vm.cz | 62 |

DNS Traffic

CZ.NIC currently operates more than 120 DNS servers for the .CZ zone, distributed in 12 countries on 4 continents. On average, they are contacted by about 1.25 million distinct resolvers every day that send around 18 thousand DNS queries per second (QPS). The resolvers’ requests are delivered to the “closest” server based on IP anycast routing configuration. The resulting global communication pattern is depicted in the following diagram showing the average QPS distribution from the top 15 countries in 2022. The significant volume of traffic originating in the United States comes mostly from large US-based content providers.

DNS over IPv6

The following graph shows that a significant majority of second-level domains already have authoritative DNS servers answering queries on both IPv4 and IPv6. The numbers also include domains with authoritative servers outside the .CZ zone.

In terms of DNS traffic, the share of IPv6 is considerably smaller – one third for the authoritative DNS servers, and 7% for the public ODVR resolver:

DNSSEC

DNS Security Extensions (DNSSEC) use public key cryptography for securing DNS data. In the past decade, CZ.NIC has been investing a lot of effort into dissemination and actual deployment of DNSSEC in second-level domains. The .CZ domain was among the first top-level domains to implement DNSSEC. CZ.NIC also actively encourages second-level domain administrators to use automatic DNSSEC provisioning via CDS and CDNSKEY resource records (see RFC 7344 and 8078).

DNSSEC Deployment

The following graph shows the number of DNSSEC-secured second-level domains (blue bars) in comparison to the total number of .CZ domains (black line).

For the first time since the introduction of DNSSEC in .CZ, the absolute number of DNSSEC-secured domains decreased. Their relative share among all second-level domains is currently 57.73%.

DNSSEC Algorithms

An important operational aspect of a robust DNSSEC deployment is the selection of a cryptographic algorithm. The following chart shows how the mix of cryptographic algorithms in the .CZ domain evolved since 2008.

As we can see, RSASHA1 was the absolutely dominant algorithm until 2015 (RSASHA1-NSEC3-SHA1 is the same algorithm and exists only for certain backward compatibility purposes). This algorithm uses the SHA-1 cryptographic hash function, which is known to be weak but, according to the latest recommendations, still poses no significant threat to DNSSEC integrity. The previous chart indicates that the migration to more secure cryptographic algorithms is almost finished, as only about 4% of second-level domains in .CZ still use those weaker algorithms.

DANE

DANE (DNS-based Authentication of Named Entities) is a technology that uses the DNS hierarchy together with DNSSEC to validate authenticity of X.509 digital certificates.

Out of 710 041 unique mail servers specified in MX records for all .CZ second-level domains, 1003 (0.14%) had a corresponding DANE TLSA record. Due to the concentration of mail services, the fraction of .CZ domains using DANE-protected servers is significantly higher: 9.59% (140 254 domains). Their distribution among the three most commonly used TCP ports is shown in the following histogram:

We also identified 97 domains with DANE records for web services running on either www.<domain>.cz or <domain>.cz, which is only slightly more than one half of the count obtained in the previous year. The use of DANE for web browsing is apparently disappearing because browser vendors prefer the more traditional PKI.
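The gap between the server-level and domain-level DANE figures for mail comes from many domains sharing a few MX hosts. The following added example (not CZ.NIC's crawler code) reproduces that effect on constructed data: it builds TLSA owner names as defined in RFC 6698, rejects malformed or SMTP-unusable records, and counts coverage both ways. The domain names, the digest, and the rule that a domain counts only when all of its MX hosts have a usable TLSA record are assumptions of the example.

```python
# Added example with constructed data; not CZ.NIC's crawler or its results.
from collections import namedtuple

Tlsa = namedtuple("Tlsa", "usage selector mtype data")
DIGEST_LEN = {1: 32, 2: 64}  # matching type 1 = SHA-256, 2 = SHA-512 (RFC 6698)

def norm(host):
    return host.rstrip(".").lower()

def tlsa_owner(host, port, proto="tcp"):
    """Owner name of the TLSA RRset for a service (RFC 6698, section 3)."""
    return f"_{port}._{proto}.{norm(host)}."

def parse_tlsa(rdata):
    """Parse presentation-format TLSA RDATA; raise ValueError if malformed."""
    usage, selector, mtype, *hexparts = rdata.split()
    usage, selector, mtype = int(usage), int(selector), int(mtype)
    data = bytes.fromhex("".join(hexparts))
    if usage not in range(4) or selector not in (0, 1) or mtype not in (0, 1, 2):
        raise ValueError("unassigned TLSA field value")
    if not data or len(data) != DIGEST_LEN.get(mtype, len(data)):
        raise ValueError("association data length does not fit matching type")
    return Tlsa(usage, selector, mtype, data)

def host_protected(host, rrsets, port=25):
    """True if the host has a well-formed TLSA record usable for SMTP."""
    for rdata in rrsets.get(tlsa_owner(host, port), []):
        try:
            if parse_tlsa(rdata).usage in (2, 3):  # RFC 7672: DANE-TA / DANE-EE
                return True
        except ValueError:
            continue  # malformed record: ignore it, keep checking the RRset
    return False

def dane_coverage(mx, rrsets):
    """Return (protected hosts, all hosts, protected domains, all domains)."""
    hosts = {norm(h) for hs in mx.values() for h in hs}
    good = {h for h in hosts if host_protected(h, rrsets)}
    # Assumption of this example: a domain counts only if ALL its MX hosts pass.
    doms = [d for d, hs in mx.items() if hs and all(norm(h) in good for h in hs)]
    return len(good), len(hosts), len(doms), len(mx)

DIGEST = "ab" * 32  # constructed placeholder, not a real certificate hash
MX = {"alpha.example": ["mx1.bighost.example."], "beta.example": ["mx1.bighost.example."],
      "gamma.example": ["MX1.bighost.example"], "delta.example": ["mail.delta.example."],
      "epsilon.example": ["mail.epsilon.example."],
      "zeta.example": ["mx1.bighost.example.", "backup.zeta.example."]}
TLSA = {"_25._tcp.mx1.bighost.example.": ["3 1 1 " + DIGEST],
        "_25._tcp.mail.delta.example.": ["3 1 1 abcd"],            # truncated digest
        "_25._tcp.mail.epsilon.example.": ["1 1 1 " + DIGEST]}     # PKIX-EE usage
```

On this constructed input, `dane_coverage(MX, TLSA)` counts one protected host out of four but three protected domains out of six, the same direction of skew as the 0.14% versus 9.59% figures above.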

Server Software

This section contains estimates of the market shares achieved by various implementations of the most common Internet services: DNS, web and e-mail. Data was obtained by querying all second-level domains using the DNS crawler tool in December 2022. We have slightly improved the algorithms for identifying implementations, but the results should still be taken with a grain of salt as they mostly depend on the willingness of server administrators to disclose the correct information.

Quite often, a domain uses multiple servers for a given service. If these servers use different implementations, then the same domain is counted for all implementations.

Authoritative DNS Servers

The following table gives detected implementations of authoritative DNS servers with their market shares, separately for IPv4 and IPv6.

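| Software | Domains (IPv4) | Servers (IPv4) | Domains (IPv6) | Servers (IPv6) |
|---|---|---|---|---|
| Knot DNS | 553 033 | 294 | 430 830 | 165 |
| unknown | 498 006 | 6 725 | 461 023 | 4 208 |
| PowerDNS | 107 559 | 2 219 | 77 870 | 642 |
| BIND | 100 561 | 4 218 | 69 735 | 785 |
| GLUX-DNS | 40 967 | 14 | 40 640 | 9 |
| NSD | 1 232 | 53 | 841 | 16 |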

Web Servers

Web services in the .CZ domain are mostly run on Apache and NGINX servers. The following histogram shows market shares of most common web server implementations detected for the “main” page of each second-level domain, i.e. either www.<domain>.cz or just <domain>.cz.

Mail Servers

Finally, the following table shows the market shares of mail server implementations. Included are all servers specified in MX records of second-level domains.

| Software | Domains | Hosts |
|---|---|---|
| Unknown | 842 291 | 526 083 |
| Postfix | 480 103 | 156 226 |
| Microsoft | 39 208 | 37 379 |
| Exim | 25 932 | 7 071 |
| IceWarp | 20 685 | 1 105 |
| Haraka | 12 991 | 158 |
| Sendmail | 5 177 | 829 |
| Kerio | 883 | 516 |
| Symantec | 368 | 96 |
| qmail | 233 | 12 |
| Barracuda | 151 | 38 |

Web Contents

For the web content classification we used data provided by the DNS crawler and a classifier based on machine learning (see ADAM report 2/2020 for details).

The following chart compares web content classification results for 2021 and 2022. There are no substantial changes, although for some classes (Company site, Parked, HTTP Error) a slight growth in the number of domains can be observed. On the other hand, fewer web pages with content classified as Blog, Other or Directory were found in 2022.