Last Friday Tunisia became the latest country to be able to offer people registering domains in their country-code top-level domain (ccTLD) the higher security and trust that comes with DNSSEC. On September 26, 2014, DS records appeared in the root zone of DNS for two TLDs:
People who subscribe to our weekly distribution of DNSSEC deployment maps will have seen in the email message that went out this morning a new bright green country on the northern coast of Africa:
The data files will also reflect the status of the Arabic internationalized domain name (IDN) .تونس although the data files reference that as “xn--pgbs0dh”.
Now, it is important to note that while the TLDs themselves are signed with DNSSEC and have a DS record in the root zone of DNS, this does NOT necessarily mean that second-level domains under these two TLDs can sign their domains and submit the DS records to the TLD registries. That “Operational” stage of DNSSEC deployment will hopefully come soon, but that is something the TLD registries themselves have to start doing. Please read our 5 Stages of DNSSEC Deployment page to understand where these TLDs are in the deployment cycle.
What this does mean is that there is one fewer barrier in the way for domain registrants who want to sign their domain under either .TN or .تونس. At some point soon they will hopefully be able to follow our information about how to sign your domain and upgrade the security of their domains.
Congratulations to the Agence Tunisienne d’Internet in Tunisia for making this happen! It’s great to see ccTLDs throughout Africa starting to add the security of DNSSEC – we look forward to seeing the whole continent appear green on our maps!
P.S. Tunisian flag image courtesy of Wikipedia.
Disclaimer: Viewpoints expressed in this post are those of the author and may or may not reflect official Internet Society positions.
We previously posted about how the DNS does not inherently employ any mechanisms to provide confidentiality for DNS transactions,…
Almost every time we use an Internet application, it starts with a DNS (Domain Name System) transaction to map…
It is often argued that IPv4 practices should be forgotten when deploying IPv6, as after all IPv6 is a…
About The Author
More Stories
From Commitments to Practice: Internet Society’s Priorities for WSIS+20 Implementation
Final Results of the 2026 Internet Society Board of Trustees Elections and IETF Selections
Community Snapshot—March