Last Friday Tunisia became the latest country to be able to offer people registering domains in their country-code top-level domain (ccTLD) the higher security and trust that comes with DNSSEC. On September 26, 2014, DS records appeared in the root zone of DNS for two TLDs:
People who subscribe to our weekly distribution of DNSSEC deployment maps will have seen in the email message that went out this morning a new bright green country on the northern coast of Africa:
The data files will also reflect the status of the Arabic internationalized domain name (IDN) .تونس although the data files reference that as “xn--pgbs0dh”.
Now, it is important to note that while the TLDs themselves are signed with DNSSEC and have a DS record in the root zone of DNS, this does NOT necessarily mean that second-level domains under these two TLDs can sign their domains and submit the DS records to the TLD registries. That “Operational” stage of DNSSEC deployment will hopefully come soon, but that is something the TLD registries themselves have to start doing. Please read our 5 Stages of DNSSEC Deployment page to understand where these TLDs are in the deployment cycle.
What this does mean is that there is one fewer barrier in the way for domain registrants who want to sign their domain under either .TN or .تونس. At some point soon they will hopefully be able to follow our information about how to sign your domain and upgrade the security of their domains.
Congratulations to the Agence Tunisienne d’Internet in Tunisia for making this happen! It’s great to see ccTLDs throughout Africa starting to add the security of DNSSEC – we look forward to seeing the whole continent appear green on our maps!