Domain Report 2019
CZ.NIC, z.s.p.o, is an interest association of legal entities, founded in 1998 by leading providers of Internet services in the Czech Republic. The principal duties and activities of the association include operation of the .CZ domain registry and DNS servers for the .CZ top-level domain (TLD).
The annual domain report is an on-line publication that offers key statistical facts about the status and dynamics of the Czech country-code TLD (ccTLD), which is primarily used by subjects in the Czech Republic – individuals and organisations.
The graphs and tables are organised into several sections illustrating various aspects of the registry and domain operation. Most charts are interactive: additional information can be obtained by placing the mouse cursor over graphical components of such a chart. In multivariate graphs, each variable can be switched off or on by clicking on the corresponding entry in the legend.
Domain reports from previous years are available from this page.
Domain .CZ in a nutshell
As a country code TLD, the domain .CZ is primarily used by Czech subjects – individuals and organisations. By the end of 2019, almost 1.33 million second-level domains were registered under .CZ. The following time series shows a characteristic S-shaped growth of the .CZ domain in the last two decades. A relatively slow start was followed by a period of an accelerated increase in domain counts. Since 2015, however, the curve clearly becomes saturated and will likely stagnate in the near future.
Domain geography
DNS domains live in the cyberspace, but they also have several links to the earthly geography. One of them is the address of the domain holder, as indicated in the .CZ registry. Naturally, most domain holders (1.23 million, i.e. 93%) have Czech addresses. The following table shows their distribution among 14 regions of the Czech Republic and also, which is perhaps more interesting, the number of domains per 100 citizens in each region. The map on the right shows the regional distribution of domain holders graphically.
| Region | Domains | Domains per 100 citizens |
|---|---|---|
| Praha | 403,453 | 30.6 |
| Jihomoravský | 149,736 | 12.6 |
| Středočeský | 123,937 | 9.0 |
| Moravskoslezský | 93,962 | 7.8 |
| Zlínský | 54,861 | 9.4 |
| Jihočeský | 52,565 | 8.2 |
| Ústecký | 49,311 | 6.0 |
| Pardubický | 46,579 | 8.9 |
| Královéhradecký | 46,459 | 8.4 |
| Olomoucký | 45,053 | 7.1 |
| Plzeňský | 40,167 | 6.8 |
| Liberecký | 36,304 | 8.2 |
| Vysočina | 34,939 | 6.9 |
| Karlovarský | 15,232 | 5.2 |
| Unknown | 41,197 | NA |
Approximately 7% of .CZ domains (exactly 94,062) have holders with addresses in countries outside the Czech Republic. Top ten of them are shown in the table below. It is not surprising that most foreign holders are based in Slovakia – till 1992 we shared the top-level domain .CS with our Slovak friends.
| Country | Domains | ||
|---|---|---|---|
SK
|
Slovakia | 23,309 | 23309 |
DE
|
Germany | 15,907 | 15907 |
US
|
United States | 9,328 | 9328 |
GB
|
United Kingdom | 5,331 | 5331 |
PL
|
Poland | 4,785 | 4785 |
NL
|
Netherlands | 4,433 | 4433 |
FR
|
France | 4,218 | 4218 |
CN
|
China | 2,704 | 2704 |
CH
|
Switzerland | 2,633 | 2633 |
AT
|
Austria | 2,308 | 2308 |
| Others | 19,522 | 19522 |
The following zoomable map captures world-wide distribution of .CZ domain holder addresses. Interestingly enough, some .CZ domains are registered in countries like El Salvador, New Caledonia, Madagascar, and even Antarctica!
New domain registrations
During the last year, 180,331 domain registrations were performed in the .CZ domain registry. The following graph compares monthly registrations in the last three years. Besides the general trend of decreasing registration rates, we can observe a typical seasonal variability with a lot of activity in the first quarter of each year, and then another (smaller) peak in October and November.
Domain names
Each second-level domain is identified in the .CZ registry by a
unique label (the part before .cz). According to
RFC 1035, it
may consist of at most 63 characters. Excessively long domain names are
of course not very convenient, so only five of the .CZ domains have
their labels with the maximum length. On the other hand, short labels
are much more popular. In particular, all 36 one-character labels (26
letters and 10 digits) are already taken.
The following histogram shows the actual distribution of label length. The median is 10 characters.
Domain holders
The following histogram shows the distribution of individual holders (684,372 in total) according to the number of .CZ domains they hold. Evidently, a vast majority of 78% have registered just one domain name. At the opposite end of the histogram, there is a tiny group of 340 holders with more than 100 registered domains.
IPv6
The following graph illustrates the level of support for IPv6 among .CZ domains. The classification is based on the version(s) of DNS server IP addresses for each second-level domain. Although the acceptance of IPv6 (in the dual-stack deployment) has been steadily growing, the current level of 32% is still far from satisfactory. And only 87 domains have been brave enough to go IPv6-only!
DNSSEC
DNS Security Extensions (DNSSEC) use public key cryptography for securing DNS data. In the past decade, CZ.NIC has been investing a lot of effort into dissemination and actual deployment of DNSSEC. As a result, the .CZ domain was one of the first TLDs implementing DNSSEC, and with almost 60% of second-level domains supporting DNSSEC it is well above the average worldwide.
DNSSEC deployment
The following graph shows the growing number of DNSSEC-secured domains (blue bars) in comparison to the total number of .CZ domains (black line). Note that despite the observed saturation in the overall number of domains, DNSSEC penetration still appears to be steadily growing. This positive trend has probably been influenced by the introduction of Automated Keyset Management in 2017.
DNSSEC algorithms
An important operational aspect of DNSSEC deployment is the selection of cryptographic algorithm. The following graph demonstrates that the portfolio of algorithms has improved considerably in the last few years, and the weakest choices are being phased out.
DANE
DANE (DNS-based Authentication of Named Entities) is a technology that uses the DNS hierarchy together with DNSSEC to validate authenticity of X.509 digital certificates.
Out of 237,959 unique mail servers specified in MX
records for all .CZ second-level domains, only 417
(0.17%) had a corresponding DANE TLSA
record. Due to the concentration of mail services, the fraction of .CZ
domains using DANE-protected servers is significantly higher – it is
6.7% (88,869 domains).
We also identified 180 domains with DANE records for
web services running on either www.<domain>.cz or
<domain>.cz. This small number is a result of the
fact that, for several reasons, DANE has so far been largely ignored by
browser vendors.
Server software
This section provides information about software implementations that are used in the .CZ domain for the principal Internet services – DNS, web and e-mail. Data was obtained by by querying all second-level domains using the DNS crawler tool.
Web servers
Web services in the .CZ domain are mostly run on Apache and NGINX servers. Included in this poll
are “main” web pages of each domain, i.e. either
www.<domain>.cz or just
<domain>.cz, provided they exist and a web server is
running on them. As in the DNS case, several web server implementations
may be used for the same domain name. If so, that domain then
contributes to the counts of all implementations.
| Software | Domains | Servers | Domains | Servers |
|---|---|---|---|---|
| Apache | 637,044 | 31,807 | 228,070 | 8,026 |
| NGINX | 310,595 | 13,510 | 124,245 | 2,011 |
| Microsoft-IIS | 61,767 | 4,430 | 9,065 | 213 |
| OpenResty | 48,301 | 258 | 13,731 | 22 |
| ATS | 33,221 | 83 | 52 | 42 |
| Cloudflare | 8,253 | 13,284 | 7,533 | 12,947 |
| lighttpd | 840 | 184 | 45 | 22 |
| Other or unknown | 125,786 | 24,404 | 19,922 | 3,773 |
Mail servers
And finally, the following table shows the market shares of mail
servers. The data include servers indicated in all MX
records of each domain. And again, the results have to be taken with a
grain of salt – many mail administrators are reluctant to reveal their
server’s identity.
| Software | Domains | Servers |
|---|---|---|
| Postfix | 360,291 | 37,638 |
| Exim | 26,621 | 3,867 |
| Microsoft | 21,857 | 19,983 |
| Haraka | 12,712 | 31 |
| IceWarp | 11,479 | 7,876 |
| Sendmail | 5,331 | 747 |
| rblsmtpd | 2,024 | 534 |
| Kerio | 1,003 | 624 |
| Barracuda | 184 | 34 |
| Symantec | 105 | 53 |
| qmail | 75 | 33 |
| Other or unknown | 409,773 | 119,264 |
Web contents
Contents of main web pages (i.e. those with domain names
www.<domain>.cz) were classified manually using a
random sample of 1200 domains. The results are shown in the following
bar chart.
Domain as seen by resolvers
CZ.NIC currently operates more than 100 DNS servers for the .CZ zone, distributed in 17 locations, 10 countries and 4 continents. On the average, they are contacted by about 1.25 million distinct resolvers every day. The resolvers’ requests are sent to the “closest” server based on IP anycast routing configuration.
DNS queries
The number of DNS queries answered per second (QPS) by all .CZ servers varies between 12 and 18 thousand. About 30% of them are sent using IPv6. The following graph shows daily averages of QPS during the last quarter of 2019.
DNS latency
Latency of DNS transactions is an important factor affecting overall experience of Internet users. Resolvers in different parts of the world querying the .CZ zone may observe different latencies depending on on the worldwide distribution of .CZ DNS servers and IP routing configuration.
In 2019, CZ.NIC conducted analysis on reachability of .CZ DNS servers with the aim of obtaining relevant data that can be used for planning future server deployments. From DNS traffic logs we determined mean round-trip time (RTT) observed by clients of each server that send their queries using TCP. The following world map summarizes the results.
As can be expected, lowest RTT was observed for resolvers in the Czech Republic, which is the origin of about one third of all queries. In general, latency is quite satisfactory in most European countries, notable exceptions being France, Spain, Portugal and Ireland. Poor RTT of 300 ms or more (red colour in the map) was observed in a few remote areas that are, however, relatively negligible sources of queries. We also suspect that the results could have been negatively influenced by poor Internet connectivity in those countries.
The figure below plots mean RTT against the number of queries for top 50 countries in terms of the number of queries. We can clearly see that some regions, especially South-East Asia and Australia, are good candidates for future server installations.
