Domain Report 2024
CZ.NIC, z.s.p.o, is an interest association of legal entities, founded in 1998 by leading providers of Internet services in the Czech Republic. The principal duties and activities of the association include operation of the .CZ domain registry and DNS servers for the .CZ top-level domain (TLD).
The annual domain report is an on-line publication that offers key statistical facts about the status and dynamics of the Czech country-code TLD (ccTLD), which is primarily used by subjects in the Czech Republic – individuals and organisations.
The graphs and tables are organised into several sections illustrating various aspects of the registry and domain operation. Most charts are interactive: additional information can be obtained by placing the mouse cursor over graphical components of such a chart. In multivariate graphs, each variable can be switched off or on by clicking on the corresponding entry in the legend.
Domain Registrations
At the end of the year 2024, the count of second-level domains under .CZ reached 1 485 493. Although this value continues to suggest saturation, the year-over-year increase of 1.1% was larger than in 2023.
The following chart shows monthly domain registrations during the last four years. While these counts follow the typical double-peaked shape (usually with a maximum in March, another smaller peak around October or November, and a minimum in July), most domain registrations in 2024 were observed in November.
Registrars
Market shares of leading registrars and their dynamics are displayed in the following table and graph, respectively. The rightmost table column shows approximate percentages of parked domains in the portfolio of each registrar. Parked domains were classified by a machine-learning algorithm with an accuracy of 92%.
| Registrar | Domains | Parked (%) |
|---|---|---|
| INTERNET-CZ | 316 429 | 9 |
| WEDOS | 315 596 | 14 |
| ACTIVE24 | 189 323 | 32 |
| WEBGLOBE | 151 640 | 14 |
| GRANSY | 136 818 | 12 |
| other | 132 393 | 12 |
| ZONER | 64 087 | 29 |
| MEDIA4WEB | 55 901 | 5 |
| WEB4U | 45 755 | 28 |
| THINLINE | 35 249 | 33 |
| 1API | 22 627 | 2 |
| WEBSUPPORT | 19 620 | 47 |
Domain Auctions
In mid-May, CZ.NIC launched the Domain Auctions service, enabling .CZ domains which were not renewed to return to the domain space. In the past, there were fights over the most attractive deleted domains, however, due to technical and administrative limitations for accessing the registry, they could only take place between a few interested parties. For this reason, CZ.NIC decided to open the market with the deleted domains to everyone and offers the vacant domains through the Domain Auctions service. The following graph suggests that in less than eight months of operation of this service, 3 389 .CZ domains were auctioned.
Web Contents
The following bar charts show the results of an automatic classification of all second-level domains according to the contents of their “home” web pages. A machine learning algorithm was applied to the source data provided by DNS crawler. See ADAM Report 2/2020 for details.
The graph on the left gives a baseline classification into seven classes. Ordinary domains denote all domains that do not fall into one of the other six categories. A detailed breakdown of the this category into subcategories with specific contents is shown on the right.
Notably, the classification results in the left-hand graph suggest that relative to the previous year the share of domains with no content increased by 6.19 percentage points and domains without any text content increased by 0.87 percentage points. Both of these increases seem to be at the expense of the ordinary domains (decrease of 3.65 percentage points), parked domains (decrease of 1.9 percentage points), and domains classified as “HTTP error” (decrease of 1.63 percentage points).
Domain Geography
Each domain is registered for a concrete domain holder, which may be a person or a company. Obviously, most of the .CZ domains (1 351 775, i.e. 91%) have holders with Czech addresses. The following table and map show their distribution among the 14 regions of the Czech Republic, as well as the number of domains per 100 citizens. In comparison to the previous year, slight increases in domain counts were observed in all regions. The highest relative increase was observed in the Plzeňský region (3.95%, 1 809 domains), followed by Jihomoravský (2.74%, 4 511 domains), Karlovarský (2.6%, 423 domains), Zlínský (2.6%, 1 683 domains), and Pardubický region (2.6%, 1 311 domains). In Praha, the increase was at 1.58% (6 607 domains). The smallest increase of 0.81% (425 domains) was observed in the Ústecký region.
| Region | Domains | per 100 citizens |
|---|---|---|
| Praha | 423 922 | 32.15 |
| Jihomoravský | 169 414 | 14.23 |
| Středočeský | 146 346 | 10.59 |
| Moravskoslezský | 102 138 | 8.50 |
| Zlínský | 65 734 | 11.28 |
| Jihočeský | 56 865 | 8.83 |
| Ústecký | 52 807 | 6.43 |
| Pardubický | 51 490 | 9.87 |
| Královéhradecký | 51 260 | 9.29 |
| Plzeňský | 47 588 | 8.08 |
| Olomoucký | 47 536 | 7.52 |
| Vysočina | 39 438 | 7.74 |
| Liberecký | 39 173 | 8.83 |
| Karlovarský | 16 500 | 5.60 |
| Unknown | 41 564 | – |
The share of domains held by foreign holders is currently 9%. The distribution of domains among Top ten countries of their domicile are shown in the table below.
| Country | Domains | ||
|---|---|---|---|
|
Slovakia | 28 580 | 28580 |
|
United States | 27 048 | 27048 |
|
Germany | 15 456 | 15456 |
|
Poland | 7 680 | 7680 |
|
United Kingdom | 6 178 | 6178 |
|
China | 5 148 | 5148 |
|
France | 5 116 | 5116 |
|
Netherlands | 4 119 | 4119 |
|
Bulgaria | 3 472 | 3472 |
|
Switzerland | 2 589 | 2589 |
| Other | 28 273 | 28273 |
The following slope graph shows the changes of the above domain counts in the last four years. Notably, the count of domains with US holders decreased, ending a period of their growth observed in the previous years. After a similarly shaped, albeit far less rapid period of growth, the count of German-held domains also decreased. The decrease in domains held by the Chinese now continues for a second year in a row. The trends for the domains held by the Slovak and Polish holders kept their usual pace of steady increase. Interestingly, there seems to be a continuously rising influx of Bulgarian-held domains, although their count still remains relatively low. Lastly, the count of domains with Swiss holders continues its downfall, reaching the last rank in this Top ten list.
The world-wide distribution of .CZ domain holder addresses is presented in the following zoomable map. Obviously, a vast majority of holders are concentrated in Western Europe and USA. New domain holders emerged, for example, in Angola, Tanzania, Guinea, and Western Sahara.
Domain Names
Each second-level domain in the .CZ registry is identified by a
unique label (the part before .cz). CZ.NIC
requires labels to obey rules of RFC 1035 that
restricts the character set to lower- and upper-case letters of the
English alphabet, digits and the hyphen symbol (“-”), and label length
to 63 characters. The distribution of label lengths is shown in this
histogram:
Of course, excessively long domain names are not very convenient, so only seven of the .CZ domains have their labels with the maximum length.
DNS Traffic
CZ.NIC currently operates 83 physical DNS servers for the .CZ zone, distributed in 26 locations in 15 countries of all continents except Antarctica. The count of servers has been reduced since 2020, mainly due to the deployment of XDP that considerably increases the DNS server performance so that less hardware is needed.
On the average, the servers are queried by 1.69 million distinct resolvers every day that send around 21.4 thousand DNS queries per second (QPS). The resolvers’ requests are delivered to the “closest” server based on IP anycast routing configuration. The resulting global communication pattern is depicted in the following diagram showing average QPS distribution from top-15 countries in 2024.
In 2024, CZ.NIC deployed two new anycast nodes in Los Angeles and Kyiv. CZ.NIC also built a third DNS stack in the Czech Republic, increasing anycast’s total capacity over 1Tbps and effectively strengthening connectivity. The evolution of the clients’ average round-trip time is plotted in the next graph.
DNS over IPv6
IPv6 adoption in the DNS has several aspects. From a statical point of view, a significant majority of second-level domains have authoritative DNS servers answering queries on both IPv4 and IPv6, while only 11.33% answer on IPv4-only (and 3.32% of domains have no or unrecognized NS record), as demonstrated in this pie chart based on crawler scanning data:
Note that in comparison to the previous year, the share of IPv4-only decreased by 2.04 percentage points, while the share of both IPv4 and IPv6 increased by 3.95 percentage points.
The following two graphs, however, show that IPv6 is still a minority protocol in the traffic observed on both authoritative servers for .CZ and the public ODVR resolver (retaining shares nearly identical to the previous year).
DNSSEC
DNS Security Extensions (DNSSEC) use public key cryptography for
securing DNS data. In the past fifteen years, CZ.NIC has been investing
a lot of effort into dissemination and actual deployment of DNSSEC in
second-level domains. The .CZ domain was among the first top-level
domains to implement DNSSEC. CZ.NIC also actively encourages
second-level domain administrators to use automatic DNSSEC provisioning
via CDS and CDNSKEY resource records (see RFC 7344 and 8078).
DNSSEC Deployment
The following graph shows the count of DNSSEC-secured second-level domains (blue bars) in comparison to the total count of .CZ domains (black line).
After the previous two years when the count of domains supporting DNSSEC slightly decreased, both the count of DNSSEC-secured domains (883 698) and their relative share (59.49%) increased in 2024.
DNSSEC Algorithms
An important operational aspect of a robust DNSSEC deployment is the selection of a cryptographic algorithm. The following chart shows how the mix of cryptographic algorithms in the .CZ domain evolved since 2008.
We can see that the migration from the once-dominant algorithms RSASHA1 and RSASHA1-NSEC3-SHA1, which use the weak cryptographic hash function SHA-1, slowly continues as their share is now 0.5% and 3.2% respectively. More than 73.6% domains use algorithms based on elliptic curves.
Automated Keyset Management
The AKM (Automated Keyset Management) system is a tool that allows the technical administrator of DNS to automatically manage DNSSEC for managed domains by introducing CDNSKEY into DNS. This system was launched in the .CZ domain in 2017 to enable the implementation of DNSSEC without the active participation of the registrar. The following graph shows that the count of domains secured using AKM, or CDNSKEY records, has increased significantly since then. In 2024, after seven years of AKM operation in the .CZ zone, a new version of the system was created; the robustness of the entire solution was increased and the system was simplified for users.
DANE
DANE (DNS-based Authentication of Named Entities) is a technology that uses the DNS hierarchy together with DNSSEC to validate authenticity of X.509 digital certificates.
Out of 743 827 unique mail servers specified in MX
records for all .CZ second-level domains, 935
(0.13%) had a corresponding DANE TLSA
record. Due to the concentration of mail services, the fraction of .CZ
domains using DANE-protected servers is significantly higher:
13.17% (195 604 domains).
As shown in the next graph, the count of domains with DANE-protected mail servers (on the prevalent port 25) increased significantly in 2024.
Server Software
This section illustrates estimated evolution of market shares achieved by various implementations of the most common Internet services – DNS, WWW, and email – based on data obtained by the DNS crawler tool. A caveat of this approach is that the values largely depend on the willingness of server administrators to disclose the correct information.
If a domain uses multiple servers with different implementations of a given server, then the same domain is counted repeatedly for all implementations.
Web Servers
Web services within the .CZ domain are mostly run on Apache and NGINX servers. The following graph indicates that while the Apache has possibly suffered a notable decrease (although apparently in favor of undisclosed web server implementations where Apache quite probably remains implemented), the OpenResty continues to gain ground in 2024.
Mail Servers
Finally, the following graph shows market shares of main mail servers. Of the second-level domains with a detected implementation, most is served by Postfix, although its popularity appears to be slightly declining in the last three years.