Today’s DNSSEC Deployment Maps have two great new additions for country-code top-level domains (ccTLDs): Australia’s .AU domain and Grenada’s .GD domain both had their DS record published in the root zone of DNS over the past few days. What this means is that anyone who has registered a domain in .AU or .GD may soon be able to gain the increased security of signing their own domain with DNSSEC and tying it into the “global chain of trust” of DNSSEC. To be clear, these two ccTLDs have entered the 4th of 5 stages of DNSSEC deployment where the DNSSEC chain of trust now extends from the root of DNS to the ccTLD itself. The next “Operational” stage is where the ccTLD starts accepting DNSSEC records from registrants. Hopefully that time will not be far away for both of these ccTLDs. (To get ready, please visit our Start Here page to find out how you can prepare your organization to work with DNSSEC.)
Given Australia’s large size on a map, the new “DS in Root” bright green shows up wonderfully in the global view:
and even better in the Asia Pacific view:
Unfortunately with the resolution of our maps you can’t really see Grenada on the Latin America map, but I can tell you that it is one of the six ccTLDs in the “DS in Root” stage in the map:
Congratulations to the teams at both ccTLD registries!
In the case of Australia’s .AU, the registry organization, auDA, has been experimenting with DNSSEC since back in 2008 and 2010, and signed the .AU zone back in April 2014 (entering into our “Partial” state on the maps). The news this past week is the culmination of all that work over several years. AuDA has also published two pages of interest:
- DNSSEC page, showing their intended deployment timeline
- Interim DNSSEC Policy and Practice Statement (DPS) for the .au Domain
We look forward to learning that auDA is accepting DNSSEC records from .AU registrants and enters the fully “Operational” state.
In the case of Grenada, the first we knew was when the DS record was published in the root zone (seen on stats sites like this one). I couldn’t see any further information on Nic.gd, so I don’t know their further plans at this point. Regardless, it was a wonderful surprise to learn that .GD was signed and had the DS record in the root zone!
All great to see! We’re looking forward to the day when our DNSSEC deployment maps are all green!
If you want to get started with DNSSEC – or just learn more of what it is all about, please visit our Start Here page to find resources tailored for your type of organization or role.