Over in Amman, Jordon, today our Internet Society colleague Frédéric Donck gave a keynote address at the Middle East DNS Forum where I know he was planning to speak about DNSSEC and our interest in advancing the deployment so that together we can make the Internet more secure via a more secure DNS infrastructure. (His talk was also going to cover Internet governance and infrastructure development topics.) The folks at the Middle East DNS Forum were kind enough to tweet out a photo of Frédéric in action:
In preparation for his presentation at the meeting, I provided Frédéric with a snapshot of our weekly DNSSEC Deployment Maps for the Middle East region (the colors represent the 5 stages of DNSSEC deployment):
As you can see, there’s definitely room to have more of the country-code top-level domains (ccTLDs) signed in the region. From what the database shows, I have this information:
- Lebanon has signed .LB and the DS record is in the root of DNS.
- Afghanistan has signed .AF and the DS record is in the root of DNS.
- Turkey (.TR) is “Announced” because a representative of the registry contacted me with their plans ( and they publicly announced their plans at the ICANN Turkey DNS Forum in November 2014).
- Israel is in the “Announced” state because a representative of the .IL registry contacted me with their plans.
- Iraq (.IQ) and Iran (.IR) are in “Experimental” because activity was observed a few years back.
For Lebanon and Afghanistan, they could be in the “Operational” stage and be accepting DS records from domain registrants. We just don’t know because we have no way to find out unless either: 1) someone from the registry tells us (and I haven’t yet tried to contact these ccTLDs to know); or 2) someone who has registered a domain in those ccTLDs lets us know.
Although the agenda of the Middle East DNS Forum is mostly not about technical topics, I do hope Frédéric’s discussion will ignite some interest and we can start seeing the Middle East region joining the rest of the world in providing a way to secure the integrity of DNS information within the ccTLDs.
In fact, if you are visiting our site as a result of that Forum, please do visit our Start Here page to find out how you can begin with DNSSEC – or please contact us so that we can help you find the appropriate resources.
Let’s fill in that map and get the whole region to be green!
P.S. If anyone has more information about the DNSSEC deployment status of ccTLDs in that region, please do let me know – I’d be glad to update the maps.