SecSpider the DNSSEC Monitoring Project

About

The global Domain Name System (DNS) has functioned as the Internet's de facto name resolution system since the 1980s. Its design goals centered on systems and operational issues; security was not a significant consideration.

More recently, the DNS Security Extensions (DNSSEC) have been standardized (RFC 4033, RFC 4034, RFC 4035). The deployment efforts of DNSSEC are described in many places, including the DNSSEC Deployment Initiative.

To help people understand the size, scope, and trends of the global DNSSEC rollout, the SecSpider project has maintained a historical view of various information about zones since early 2005.

The list of zones that SecSpider uses is a combination of zones submitted by users (via the online submission form), zones crawled from a large list of over 2.5 million zones, and zones discovered by NSEC walking (following a signed zone's NSEC chain to enumerate the names it contains).

SecSpider interrogates zones for certain data and behaviors and then classifies them as "secure" or not. In order for a zone to be identified as secure, every nameserver that serves the zone must meet all of the following criteria:

  • Must support EDNS0 (DNSSEC responses typically exceed the classic 512-byte UDP limit, and the DO bit that requests DNSSEC records is carried in the EDNS0 OPT record)
  • Must have RRSIG records attached to resource record sets (RRsets)
  • Must not have a CNAME for the zone's domain name (the zone apex)
  • Must provide NSEC records for denial of existence
Zones that meet these criteria on all of their nameservers are then considered "secure."
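The following is an added example, not SecSpider's own poller code, that applies the four criteria above to one nameserver at a time using only the Python standard library. It sends two non-recursive queries with the EDNS0 DO bit set, an SOA query for the zone apex and a query for a name assumed not to exist in the zone, parses the replies, and reports which criteria failed. The probe label `secspider-probe-<random>` and the `check_zone` / `classify_nameserver` function names are assumptions of this example; the parser handles UDP replies only (a truncated reply would need a TCP retry, which is left out).

```python
import random
import socket
import struct

# RR type codes (IANA DNS parameters registry)
A, CNAME, SOA, OPT, RRSIG, NSEC = 1, 5, 6, 41, 46, 47
FORMERR = 1  # rcode an EDNS-unaware server typically returns to an OPT-bearing query


def encode_name(name):
    """Wire-format a dotted name ("example.test." -> length-prefixed labels + root)."""
    out = b""
    for label in name.rstrip(".").split("."):
        if label:
            out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_query(name, qtype, edns=True):
    """Non-recursive query (we talk to authoritative servers directly). With edns=True an
    OPT pseudo-RR advertises a 4096-byte UDP payload and sets the DO bit so the server
    includes RRSIG/NSEC records in its reply."""
    qid = random.randrange(65536)
    header = struct.pack("!HHHHHH", qid, 0, 1, 0, 0, 1 if edns else 0)
    question = encode_name(name) + struct.pack("!HH", qtype, 1)
    opt = b""
    if edns:
        # OPT: owner ".", type 41, class = UDP size, TTL = ext-rcode/version/flags (DO bit)
        opt = b"\x00" + struct.pack("!HHIH", OPT, 4096, 0x00008000, 0)
    return qid, header + question + opt


def read_name(msg, off):
    """Decode a possibly compressed name; returns (name, offset just past the name)."""
    labels, jumped, end = [], False, None
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:  # compression pointer
            if not jumped:
                end = off + 2
            off, jumped = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF, True
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels).lower() + ".", (end if jumped else off)


def parse_response(msg):
    """Split a DNS reply into its rcode and (owner, type, rdata) triples per section."""
    qid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):
        _, off = read_name(msg, off)
        off += 4  # QTYPE + QCLASS
    resp = {"id": qid, "rcode": flags & 0xF, "answer": [], "authority": [], "additional": []}
    for section, count in (("answer", an), ("authority", ns), ("additional", ar)):
        for _ in range(count):
            owner, off = read_name(msg, off)
            rtype, _, _, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
            off += 10
            resp[section].append((owner, rtype, msg[off:off + rdlen]))
            off += rdlen
    return resp


def classify_nameserver(zone, apex_resp, nx_resp):
    """SecSpider's four criteria applied to one nameserver.
    apex_resp: reply to a DO-bit SOA query for the zone apex.
    nx_resp:   reply to a DO-bit query for a name that does not exist in the zone.
    Returns (secure, list of failed criteria)."""
    zone = zone.lower().rstrip(".") + "."
    failures = []
    has_opt = any(t == OPT for _, t, _ in apex_resp["additional"])
    if apex_resp["rcode"] == FORMERR or not has_opt:
        failures.append("no EDNS0 support")
    if not any(t == RRSIG for _, t, _ in apex_resp["answer"]):
        failures.append("apex RRset carries no RRSIG")
    if any(t == CNAME and o == zone for o, t, _ in apex_resp["answer"]):
        failures.append("CNAME at zone apex")
    if not any(t == NSEC for _, t, _ in nx_resp["authority"]):
        failures.append("no NSEC in denial-of-existence reply")
    return not failures, failures


def query(server_ip, name, qtype, timeout=3.0):
    """One UDP query to an authoritative server (no TCP fallback for truncated replies)."""
    qid, wire = build_query(name, qtype)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(wire, (server_ip, 53))
        data, _ = sock.recvfrom(4096)
    resp = parse_response(data)
    if resp["id"] != qid:
        raise ValueError("response ID does not match query")
    return resp


def check_zone(zone, nameserver_ips):
    """A zone is 'secure' only if every listed nameserver passes all four criteria."""
    probe = "secspider-probe-%08x.%s" % (random.randrange(1 << 32), zone)  # assumed nonexistent
    per_server = {}
    for ip in nameserver_ips:
        per_server[ip] = classify_nameserver(zone, query(ip, zone, SOA), query(ip, probe, A))
    return all(ok for ok, _ in per_server.values()), per_server


if __name__ == "__main__":
    import sys
    zone, servers = sys.argv[1], sys.argv[2:]  # e.g. example.test. 192.0.2.1 192.0.2.2
    secure, details = check_zone(zone, servers)
    print("secure" if secure else "NOT secure", details)
```

Run it as `python3 secspider_check.py example.test. <ns1-ip> <ns2-ip>` after resolving the zone's NS set yourself; the per-server dictionary shows which criterion each nameserver failed, which is the detail an operator needs when a zone is classified as not secure because of a single lagging secondary.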

SecSpider is a globally distributed polling system that crawls its list of secure zones once a day. Its pollers are distributed so that observed data can be verified as consistent across locations, making the results robust against purely local network effects.

