Security findings across all gTLDs in the ICANN CZDS dataset. Does not cover ccTLDs or legacy TLDs outside CZDS.
Domains Analyzed: 240,321,597
Finding Categories: 5
Last Updated: 2026-02-14
1,548,300 domains (0.64% of dataset) point to nameservers indicating expired, deleted, suspended, or lame delegations. These domains have non-functional DNS and may be vulnerable to nameserver takeover if the NS domain is re-registered by a malicious actor.
1,548,300 domains affected
245,493 domains use nameservers hosted on risky TLD extensions (.buzz, .click, .club, .fun, .icu, .monster, .online, .pw, .quest, .rest, .site, .space, .surf, .top, .xyz). These nameserver domains are more likely to lapse, be abandoned, or be associated with abuse, creating a risk that an attacker could register the expired NS domain and take over DNS.
245,493 domains affected
2,209 domains across 258 typo'd nameserver base domains are vulnerable to namespace hijacking. These domains have NS records pointing to misspelled versions of legitimate DNS providers (e.g., 'cloudflare.comm' instead of 'cloudflare.com'). If the typo'd domain is unregistered, an attacker could register it and intercept all DNS queries for these domains.
2,209 domains affected
36 TLDs have >90% of domains on a single DNS provider. 62 TLDs have >70% concentration. A single provider outage could render the majority of these TLDs unreachable.
62 TLDs affected
Only 4.27% of domains across the dataset have DNSSEC enabled (10,253,427 out of 240,321,597). Without DNSSEC, domains are vulnerable to DNS cache poisoning and man-in-the-middle attacks.
4.27% adoption rate
Security findings are identified by analyzing nameserver records, delegation chains, and DNSSEC configurations across gTLDs. These are informational findings — not all represent active threats.