[dns-operations] It's begun...

Dan York york at isoc.org
Thu Oct 24 13:20:48 UTC 2013

On 10/24/13 9:12 AM, "Chris Thompson" <cet1 at cam.ac.uk> wrote:

>At 13:01 23-10-2013, Edward Lewis wrote:
>>My sensors show 4 new gTLDs in the last hour or so...IDN,
>>non-ccTLD...added between 1800 and 1900 UTC.
>Not mentioned yet is that all four appeared already signed and with
>DS records in the root zone.

Funny you should mention that... I just published a post this morning
promoting that fact:


>From a DNSSEC-advocacy point of view, this is a great step forward as all
new domains registered under these newgTLDs will at least have the
*option* of being secured by DNSSEC.

>But... the two Cyrillic gTLDs (xn--80asehdb & xn--80aswg) are a bit
>broken, in that NXDOMAIN responses don't validate properly. Neither
>dnssec-debugger.verisignlabs.com nor dnsviz.net are able to analyse
>validations problems for NXDOMAIN responses, so I am not quite sure
>why yet, but e.g.
>  dig +dnssec www.xn--80asehdb.
>  dig +dnssec www.xn--80aswg.
>give SERVFAILs which can be avoided by adding the +cd option.

Hmmm... interesting.  Perhaps some work is still needed on the operational
front there...


Dan York
Senior Content Strategist, Internet Society
york at isoc.org <mailto:york at isoc.org>   +1-802-735-1624
Jabber: york at jabber.isoc.org <mailto:york at jabber.isoc.org>
Skype: danyork   http://twitter.com/danyork


More information about the dns-operations mailing list