June 13, 2026
18 min read
On 28 March 2026 IPv6 crossed half of Google's traffic — the eyeball Internet reached the majority. We pointed an AAAA-typed crawl at 315 million registry domains to measure the other half of the question, and the content Internet looks nothing like it: only 20.4% of domains publish any IPv6 address, Cloudflare alone generates 44.7% of it, and 45% of all domain IPv6 is a CDN edge in front of an origin that may still be IPv4-only. Strip the CDNs and origin-native IPv6 falls to 11%. This is server-side IPv6, measured from 1.88 billion DNS answers.
June 01, 2026
19 min read
We resolved the full DNS, MX, web-edge, and email-authentication stack of 500 Fortune 500 corporate domains against a May 2026 typed crawl. No single vendor owns enterprise DNS — 28% of the F500 still run their own. Proofpoint sits in front of 48% of mail-enabled inboxes. Akamai serves a third of the web edge. And the F500 enforce DMARC at 73% versus ~42% globally — yet MTA-STS reaches just 2.3%. This is the corporate Internet's plumbing, measured from the records themselves.
May 29, 2026
18 min read
We queried the email-authentication TXT layer directly — _dmarc, _mta-sts, default._bimi, and apex SPF — across a May 2026 DNS crawl, using MX records as the denominator. Of 150,020,997 mail-capable apex domains, 71.3% publish SPF, 34.1% publish DMARC, but only 11.7% enforce DMARC and just 9.0% run the minimum credible SPF-plus-enforced-DMARC stack. Two-thirds of DMARC records sit at p=none. MTA-STS reaches 0.144% and BIMI 0.084%. And 45.7% of all DMARC reports flow to a single registrar's default configuration. This is the state of email authentication, measured from the records themselves.
May 03, 2026
32 min read
We extracted every Kubernetes signal we could find from a 17 April 2026 DNS crawl — heritage=external-dns TXT markers AND CNAME chains terminating in managed-Kubernetes ingress endpoints (AWS ELB k8s-prefixed names, .azmk8s.io, .gke.goog, .openshiftapps.com, .k8s.ondigitalocean.com, etc.). 74,508 unique apex domains carry at least one strict-precision Kubernetes signal (41,565 with TXT markers, 34,219 with strict CNAME pointers, 1,276 in both). 20,420 distinct cluster identities are visible. 13,620 apexes (32.8% of the TXT-marker side) use the literal string "default" as their cluster identifier. 815 use the literal example strings from the ExternalDNS README. 6,842 apexes publish a sensitive Kubernetes namespace (argocd, vault, kube-system, istio-system) to public DNS. 1,936 apexes have already migrated to the Gateway API. This is the first combined-signal cluster-identity census of the public Kubernetes footprint.
May 02, 2026
21 min read
We classified every TXT record from a 17 April 2026 DNS crawl — 840 GB of raw JSONL (56 GB after xz compression) — and built a vendor census from the verification tokens domains leak into DNS. 40.2 million unique apexes carry at least one tracked SaaS verification token. Google's 26.0 million-apex footprint is 3.4x Microsoft 365's 7.6 million. Domain marketplaces (AfterNic + dan.com + 4.cn + Aliyun + west.cn + 17ex + Sedo + DomainEasy) collectively touch 5.0 million apexes — more than Atlassian, Stripe, Adobe, Apple, and DocuSign verification tokens combined. Zoho's 1.23 million is the single largest non-Google, non-Microsoft SaaS verification footprint we measure. The TXT layer is the closest thing the public Internet has to a SaaS census.
March 18, 2026
11 min read
We analyzed 3 billion domains across 1,519 TLDs to map the real state of the Internet's namespace — concentration risk, ccTLD divergence, new gTLD adoption, and what it means for security researchers and domain professionals.