In the second half of 2023, five more countries joined the ranks of those with secured country-code Top Level Domains (ccTLD) and security keys deployed in the DNS root zone.
Just about every Internet communication starts with a Domain Name System (DNS) lookup. The DNS is an essential piece of Internet infrastructure that translates human-friendly names (internetsociety.org) into computer-friendly numbers (2001:41c8:20::b31a).
Like many other Internet components, the DNS started in an insecure form in a vastly different Internet landscape. Today, security and trustworthiness are vital foundations for the ongoing evolution and growth of a robust Internet that benefits users everywhere. DNS Security Extensions (DNSSEC) were developed to provide an additional level of security using cryptographic techniques to validate the authenticity of DNS information.
To date, 158 countries have DNSSEC-enabled ccTLDs, with Anguilla (.ai), Ecuador (.ec), Eritrea (.er), Iran (.ir), and Philippines (.ph) joining this group in the second half of 2023. As discussed in an earlier post, the Botswana (.bw) domain, signed in 2016, reverted to an insecure state in mid-2022. There have been recent signs of activity, though, and I’m hopeful we can report the .bw domain is signed again very soon.
Signing the domain and installing security keys in the root zone of the DNS is only a first step to more widespread DNSSEC deployment, but it’s an important one. Incentivizing registrants to sign their domains is also crucial, as is encouraging ISPs to enable DNSSEC validation in the recursive resolvers they provide to their subscribers.
You can continue to observe the steady increase in ccTLD DNSSEC adoption and the adoption of DNSSEC validation via our Pulse Enabling Technologies page.
Learn more about DNSSEC.
What is the DNS?
Just about every Internet communication starts with a Domain Name System (DNS) lookup. The DNS is an essential piece of Internet infrastructure that translates human-friendly names (internetsociety.org) into computer-friendly numbers (2001:41c8:20::b31a). Like many other Internet components, the DNS started without any security features in a vastly different Internet landscape. Today, security and trustworthiness are vital foundations for the ongoing evolution and growth of a robust Internet that benefits users everywhere. DNS Security Extensions (DNSSEC) was developed to provide an additional level of security using cryptographic techniques to validate the authenticity of DNS information.
Photo by Shahab Zolfaghari on Unsplash