Reply to comment:

Matthäus Wander
Thanks for this interesting article. I've performed a similar measurement counting validating clients and can confirm that Sweden and the Czech Republic are also top scorers in my result set (SE 56%, CZ 36%). I do not have enough test results from Libya, Slovenia or Palestine to say anything about your other top scorers. In general, my validation ratios are a bit lower (e.g. Germany 3.6%, U.S. 13.3%). For Turkey and Vietnam I do have several hundred results, but validation is 0%. [1] In case you're interested, I will present my methodology and results at DNS-OARC Workshop 2012 in Toronto.

Google public DNS is definitely not validating DNSSEC signatures; this is stated in their FAQ. [2]

I don't understand fully which criteria you applied to determine whether validation is enabled. The article suggests you look for HTTP queries on a correctly and an incorrectly signed domain name (I used something similar to this), while in your comment, you say you look for DNSKEY queries. Could you clarify this? About 1.5% of my negative results (no DNSSEC validation) included a DNSKEY query.

[1] https://www.vs.uni-due.de/personal/wander/dnssec_2012-09-11_cc.txt
[2] https://developers.google.com/speed/public-dns/faq#dnssec