Domain Report 2023
CZ.NIC, z.s.p.o, is an interest association of legal entities, founded in 1998 by leading providers of Internet services in the Czech Republic. The principal duties and activities of the association include operation of the .CZ domain registry and DNS servers for the .CZ top-level domain (TLD).
The annual domain report is an on-line publication that offers key statistical facts about the status and dynamics of the Czech country-code TLD (ccTLD), which is primarily used by subjects in the Czech Republic – individuals and organisations.
The graphs and tables are organised into several sections illustrating various aspects of the registry and domain operation. Most charts are interactive: additional information can be obtained by placing the mouse cursor over graphical components of such a chart. In multivariate graphs, each variable can be switched off or on by clicking on the corresponding entry in the legend.
Domain Registrations
After a period of accelerated growth during the covid years, in the last two years the total number of .CZ domains shows signs of saturation again. In 2023, the year-over-year increase was only 0.4%, which is even less than the YoY increase in 2019. The number of second-level domains registered under .CZ reached 1 468 788 by the end of 2023.
The following chart shows monthly domain registrations during the last four years. Again, the numbers are quite similar to pre-covid years and follow the typical camel-like shape with a maximum in March and another (usually smaller) peak in October-December.
Registrars
Market shares of leading registrars and their dynamics are displayed in the following table and graph, respectively. The rightmost table column shows approximate percentages of parked domains in the portfolio of each registrar. Parked domains were classified by a machine-learning algorithm with an accuracy of 92%.
| Registrar | Domains | Parked (%) |
|---|---|---|
| INTERNET-CZ | 310 152 | 8 |
| WEDOS | 295 985 | 25 |
| ACTIVE24 | 190 335 | 32 |
| GRANSY | 153 002 | 11 |
| WEBGLOBE | 143 147 | 13 |
| other | 128 532 | 20 |
| ZONER | 63 933 | 28 |
| MEDIA4WEB | 54 940 | 5 |
| WEB4U | 47 213 | 28 |
| THINLINE | 31 263 | 31 |
| 1API | 28 664 | 18 |
| TELE3 | 21 570 | 13 |
Web Contents
The following bar charts give the results of an automatic classification of all second-level domains according to the contents of their “home” web pages. A machine learning algorithm was applied to the source data provided by DNS crawler. See ADAM Report 2/2020 for details.
The graph on the left gives a baseline classification into seven classes. Ordinary domains denote all domains that do not fall into one of the other six categories. A detailed breakdown of this category into subcategories with specific contents is shown on the right.
Domain Geography
Each domain is registered for a concrete domain holder, which may be a person or a company – either holder category has a share of almost exactly 50%. Obviously, most of the .CZ domains (1 326 810, i.e. 90.33%) have holders with Czech addresses. The following table and map show their distribution among the 14 regions of the Czech Republic, as well as the number of domains per 100 citizens. The regions with the highest relative increase in the number of domains are Jihomoravský (2.8%) and Středočeský (2.55). On the other hand, we observe a decrease of 2.4% for Praha, which is unusual and likely to be caused by the verification of domain holder addresses performed in 2023.
| Region | Domains | per 100 citizens |
|---|---|---|
| Praha | 417 315 | 31.65 |
| Jihomoravský | 164 903 | 13.85 |
| Středočeský | 143 103 | 10.36 |
| Moravskoslezský | 100 851 | 8.40 |
| Zlínský | 64 051 | 10.99 |
| Jihočeský | 55 852 | 8.68 |
| Ústecký | 52 382 | 6.38 |
| Pardubický | 50 179 | 9.62 |
| Královéhradecký | 50 169 | 9.10 |
| Olomoucký | 46 607 | 7.37 |
| Plzeňský | 45 779 | 7.78 |
| Vysočina | 38 665 | 7.58 |
| Liberecký | 38 503 | 8.68 |
| Karlovarský | 16 077 | 5.46 |
| Unknown | 42 374 | – |
The share of domains held by foreign holders is currently 9.67%. The distribution of domains among top-ten countries of their domicile are shown in the table below.
| Country | Domains | ||
|---|---|---|---|
|
United States | 33 742 | 33742 |
|
Slovakia | 27 825 | 27825 |
|
Germany | 17 148 | 17148 |
|
Poland | 7 447 | 7447 |
|
China | 7 350 | 7350 |
|
United Kingdom | 6 316 | 6316 |
|
France | 5 027 | 5027 |
|
Netherlands | 3 992 | 3992 |
|
Italy | 2 945 | 2945 |
|
Switzerland | 2 825 | 2825 |
| Other | 27 361 | 27361 |
The following slope graph shows the changes of the above domain counts in the last three years. The previous rapid increase for USA slowed down whereas the number of domains held by Chinese and Italian holders dropped down significantly.
The world-wide distribution of .CZ domain holder addresses is in the following zoomable map. Obviously, a vast majority of holders are concentrated in Western Europe and USA. In 2023, new domain holders emerged, for example, in Benin, Kyrgyzstan and Laos.
Domain Names
Each second-level domain is identified in the .CZ registry by a
unique label (the part before .cz). CZ.NIC
requires labels to obey rules of RFC 1035 that
restricts the character set to lower- and upper-case letters of the
English alphabet, digits and the hyphen symbol (“-”), and label length
to 63 characters. The distribution of label lengths is shown in this
histogram:
Excessively long domain names are of course not very convenient, so only eight of the .CZ domains have their labels with the maximum length. On the other hand, short labels are much more popular as demonstrated in the following table showing “occupancy” of the label space at the four shortest lengths. In particular, we can see that all single- and double-letter domains are already registered. For lengths of five or more, the label space is so vast that all registered domains only take a negligible fraction of all possibilities.
| Label length | Possibilities | Registered | % Registered |
|---|---|---|---|
| 1 | 36 | 36 | 100 |
| 2 | 1 296 | 1 296 | 100 |
| 3 | 47 952 | 19 212 | 40 |
| 4 | 1 772 928 | 40 726 | 2 |
DNS Traffic
CZ.NIC currently operates 74 physical DNS servers for the .CZ zone, distributed in 14 countries of all continents except Antarctica. The number of servers has been reduced by more than one third since 2020, mainly due to the deployment of XDP that considerably increases the DNS server performance so that less hardware is needed.
On the average, the servers are queried by 1.53 million distinct resolvers every day that send around 18.8 thousand DNS queries per second (QPS). The resolvers’ requests are delivered to the “closest” server based on IP anycast routing configuration. The resulting global communication pattern is depicted in the following diagram showing average QPS distribution from top-15 countries in 2023.
In 2023, CZ.NIC deployed two new anycast nodes in Johannesburg (March) and Sydney (August). The significant decrease of the clients’ average round-trip time for both locations is clearly visible in the next graph.
DNS over IPv6
IPv6 adoption in the DNS has several aspects. From a statical point of view, a significant majority of second-level domains have authoritative DNS servers answering queries on both IPv4 and IPv6, as demonstrated in this pie chart:
The following two graphs, however, show that IPv6 is still a minority protocol in the traffic observed on both authoritative servers for .CZ and the public ODVR resolver.
DNSSEC
DNS Security Extensions (DNSSEC) use public key cryptography for
securing DNS data. In the past fifteen years, CZ.NIC has been investing
a lot of effort into dissemination and actual deployment of DNSSEC in
second-level domains. The .CZ domain was among the first top-level
domains to implement DNSSEC. CZ.NIC also actively encourages
second-level domain administrators to use automatic DNSSEC provisioning
via CDS and CDNSKEY resource records (see RFC 7344 and 8078).
DNSSEC Deployment
The following graph shows the number of DNSSEC-secured second-level domains (blue bars) in comparison to the total number of .CZ domains (black line).
Tha absolute count of domains supporting DNSSEC has been slightly decreasing for two consecutive years, in spite of an increase in the total number of domains. The relative share of DNSSEC-secured domains is currently 57.3%.
DNSSEC Algorithms
An important operational aspect of a robust DNSSEC deployment is the selection of a cryptographic algorithm. The following chart shows how the mix of cryptographic algorithms in the .CZ domain evolved since 2008.
We can see that the migration from the once-dominant algorithms RSASHA1 and RSASHA1-NSEC3-SHA1, which use the weak cryptographic hash function SHA-1, is almost complete, their share is now less than 3.5%. More than 72% domains use algorithms based on elliptic curves.
DANE
DANE (DNS-based Authentication of Named Entities) is a technology that uses the DNS hierarchy together with DNSSEC to validate authenticity of X.509 digital certificates.
Out of 745 506 unique mail servers specified in MX
records for all .CZ second-level domains, 959
(0.13%) had a corresponding DANE TLSA
record. Due to the concentration of mail services, the fraction of .CZ
domains using DANE-protected servers is significantly higher:
10.35% (152 003 domains).
As shown in the next graph, the number of domains with DANE-protected mail servers (on the prevalent port 25) decreased quite significantly in 2023.
Server Software
This section illustrates estimated evolution of market shares achieved by various implementations of the most common Internet services – DNS, WWW and email – based on data obtained by the DNS crawler tool. A caveat of this approach is that the numbers largely depend on the willingness of server administrators to disclose the correct information.
If a domain uses multiple servers with different implementations of a given server, then the same domain is counted repeatedly for all implementations.
Web Servers
Web services within the .CZ domain are mostly run on Apache and NGINX servers. The following graph indicates that the OpenResty has been gaining ground in 2023.
Mail Servers
Finally, the following graph shows market shares of main mail servers. Of the second-level domains with a detected implementation, most is served by Postfix, although its popularity appears to be slightly declining in the last two years.