Rwanda Signs Up for DNSSEC

Picture of Mat Ford
Technology Insights, Internet Society
Categories:
Twitter logo
LinkedIn logo
Facebook logo
May 17, 2022

It’s been a few years since ICANN helped to provide DNSSEC deployment workshops for African ccTLD registries but that effort is still paying off. The latest ccTLD to join the ranks of fully DNSSEC-capable domains is Rwanda’s .rw domain. The Rwandan ccTLD is managed by the Rwanda Internet Community and Technology Alliance and Rwanda is the 17th African country to deploy DNSSEC at the ccTLD.

Figure 1 — The adoption of DNSSEC by African ccTLDs.

.rw joins 144 other ccTLD domains that are fully DNSSEC capable. There are 104 ccTLD domains that have yet to fully enable DNSSEC. Those unsigned domains are more vulnerable to various kinds of attacks that could result in denial of service for domain registrants, manipulation of data and perhaps most worryingly, theft of authentication credentials.

Signing the domain and installing security keys in the root zone of the DNS is only a first step to more widespread DNSSEC deployment, but it’s an important one. Incentivising registrants to sign their domains is also key, as is encouraging ISPs to enable DNSSEC validation in the recursive resolvers they provide to their subscribers.

You can continue to observe the steady increase in ccTLD DNSSEC adoption and the adoption of DNSSEC validation via our Pulse Enabling Technologies page.


Learn more about DNSSEC here.

Just about every Internet communication starts with a Domain Name System (DNS) lookup. The DNS is an essential piece of Internet infrastructure that translates human-friendly names (internetsociety.org) into computer-friendly numbers (2001:41c8:20::b31a). Like many other components of the Internet, the DNS started out without any security features in a vastly different Internet landscape. Today, security and trustworthiness are vital foundations for the ongoing evolution and growth of a robust Internet that benefits users everywhere. DNS Security Extensions (DNSSEC) was developed to provide an additional level of security using cryptographic techniques to validate the authenticity of DNS information.


Photo by Omar Flores on Unsplash