Perhaps old news to some/many of you who got the news earlier via Twitter:
https://twitter.com/VDukhovni/status/1066050163356127232
but for anyone who missed it, yesterday saw an ~120% jump in the number/fraction of DNSSEC signed domains that have DANE TLSA records for their MX hosts:
http://stats.dnssec-tools.org/#graphs
As of today, ~739 thousand or ~8.4% out of the ~8.76 million domains covered in my DANE/DNSSEC survey have DANE TLSA records for all their MX primary hosts. Indeed all but ~1900 have DANE TLSA records for all their MX hosts, primary or otherwise.
This is a result of DNSSEC and DANE TLSA deployment at one.com, where ~400k DNSSEC-signed customer domains that are MX-hosted by one.com now have MX hosts with signed TLSA records. Thanks and congratulations to one.com for helping to move DANE adoption to this new level.
I hope that more providers will do likewise soon, and that DANE will before too long become the norm for DNSSEC-signed domains.