‹ Back
Deploy360 20 February 2014

Update on DNSSEC Deployment Maps: Github repo for tracking issues, newgTLDs, more…

Dan York
By Dan YorkDirector, Online Content

2014-01-23-2014-01-23The positive reaction to our publishing of DNSSEC deployment maps has been great to hear and I wanted to provide a quick update.

1. The DNSSEC deployment maps are published every MondayThe best way to receive the most current maps is to subscribe to the dnssec-maps mailing list.   I will be updating our DNSSEC Deployment Maps web page from time to time when there are major changes, but the most recent maps will always go out to the mailing list.  (I’d love to automate the posting to the web page – ideas about how to do so in WordPress are definitely welcome!)

2. There is a Github repository where you can file issues/suggestions. In preparation for making the source code publicly available, we’ve created a repository on Github at https://github.com/Deploy360/dnssec-maps/ We still need to do make some changes to the code to make it publicly available, but in the meantime the major feature of the Github repo is that we now have a convenient place to track “issues”, which could be bugs or feature ideas or more.  If you have a Github account (or want to create a free one), you are welcome to raise issues at:


I don’t have a timeframe for when we’ll make the code available – it’s honestly a bit of a background task that I’m trying to fit in amongst everything else and with IETF 89 fast upon us it may not happen for a few weeks.  Meanwhile, though, the issue tracker is already being helpful.

3. All newgTLDs have been entered up to now. I finally caught up with the backlog of all the DNSSEC-signed “new generic top-level domains (newgTLDs)” that have been delegated by ICANN and now have a DS record in the root zone.  These newgTLDs don’t show up in the DNSSEC deployment maps but do show up in the CSV files that are emailed out every Monday.  Given that ICANN is delegating more newgTLDs on a weekly basis, it will be a constant effort to update our database, but at least now we’re caught up to the present time.

4. Visualizing the DNSSEC status of the generic TLDs is of interest. As I noted in a recent post here, I would like to think about how we could provide an image in the email that visualizes the DNSSEC status of all the generic TLDs, both the “newgTLDs” and all the ones that existed before.  Suggestions and ideas would be welcome, either to this post or to the “issue” on Github.

That’s the quick update… I am glad some folks are finding this service useful and welcome any comments and feedback.  Thanks!

‹ Back

Disclaimer: Viewpoints expressed in this post are those of the author and may or may not reflect official Internet Society positions.

Related articles

Improving Technical Security 15 March 2019

DNS Privacy Frequently Asked Questions (FAQ)

We previously posted about how the DNS does not inherently employ any mechanisms to provide confidentiality for DNS transactions,...

Improving Technical Security 14 March 2019

Introduction to DNS Privacy

Almost every time we use an Internet application, it starts with a DNS (Domain Name System) transaction to map...

Improving Technical Security 13 March 2019

IPv6 Security for IPv4 Engineers

It is often argued that IPv4 practices should be forgotten when deploying IPv6, as after all IPv6 is a...

Join the conversation with Internet Society members around the world