Change starts with identifying what is or isn’t working. This has certainly been the case in Burundi, where, in the span of three months, the local Internet community identified and amended a critical security weakness to become the 169th country to have secured its country-code Top-Level Domains (ccTLDs) with Domain Name System Security Extensions (DNSSEC).
This story starts in May this year (2025), when the Internet Society Burundi Chapter organized a workshop with ICANN, and the .bi administrator, the Burundi National Center for Information Technology, to discuss why the country had not adopted DNSSEC.
Aujourd'hui 07 Mai 2025, seconde et dernière journée de l'atelier de formation sur le déploiement et d'adoption du DNSSEC" au Burundi. Les participants ont effectués des travaux pratiques de groupe. pic.twitter.com/TejUqMfwYi
— ISOC BURUNDI Chapitre Burundais d'Internet Society (@isoc_burundi) May 7, 2025
“We noticed in the Internet Society Pulse Country Report that Burundi had not yet deployed DNSSEC,” reminisces Francis Cubahiro, Internet Society Burundi Chapter Chair. “As a stakeholder in the resilience and security of our country’s Internet, we wanted to initiate a collaborative process to encourage the effective deployment of DNSSEC and initiate a national dialogue on the management of .bi.”
The objectives of the workshop were to:
- Build the DNS and DNSSEC capacity of local stakeholders (CNI, Afriregister, the Burundian Telecoms Regulator (ARCT), and the University of Burundi).
- Create a framework for dialogue around the role of the .bi domain in Burundi’s digital transformation.
- Raise awareness of the issues, challenges, and opportunities related to secure DNS management.
- Initiate national strategies for gradually deploying DNSSEC and better using .bi as a pillar of the local digital economy.
Francis says that these open, face-to-face discussions and people’s commitment to the workshop recommendations allowed .bi to adopt DNSSEC quickly.
A great milestone for the security of the ccTLD of Burundi. pic.twitter.com/RkMqCQ7iJa
— ISOC BURUNDI Chapitre Burundais d'Internet Society (@isoc_burundi) August 2, 2025
Eyes now turn to Ethiopia, Ghana, Niger, and Nigeria
A week after the Burundi workshop, the Internet Society Niger Chapter hosted a two-day, online DNSSEC training to raise awareness and train stakeholders in Niger’s Internet ecosystem on the security challenges of the domain name system.
The training was part of a DNSSEC Roadshow initiative under the Coalition for Digital Africa (CDA), which was supported by members of the Internet Society Kenya and Sudan Chapters and targeted Benin, Ethiopia, Ghana, and Nigeria.
Trainer Joel Okomoli, from the Internet Society Kenya Chapter, says the initiative was born out of a workshop the Sudan Chapter had helped the Internet Society Lebanon Chapter with in 2024, resulting in .lb adopting DNSSEC shortly after.
“We find this is a cost-effective and proven way to engage and empower local stakeholders to make an impact,” says Joel, noting how the recent training had also helped Benin sign its zone and become compliant.
With around 20 other countries in Africa whose ccTLD registrars have not yet adopted DNSSEC, Joel and his colleagues are taking stock of their achievements and are already planning their next series of training.
What is the DNS?
Just about every Internet communication starts with a Domain Name System (DNS) lookup.
The DNS is an essential piece of Internet infrastructure that translates human-friendly names (internetsociety.org) into computer-friendly numbers (2001:41c8:20::b31a).
Like many other Internet components, the DNS started without any security features in a vastly different Internet landscape. Today, security and trustworthiness are vital foundations for the ongoing evolution and growth of a robust Internet that benefits users everywhere.
DNS Security Extensions (DNSSEC) was developed to provide an additional level of security using cryptographic techniques to validate the authenticity of DNS information.
You can continue to observe the steady increase in ccTLD DNSSEC adoption and DNSSEC validation adoption via our Pulse Enabling Technologies page.
Learn more about DNSSEC
Image by Internet Society Burundi Chapter via X