[dns-operations] It's begun...
Dan York
york at isoc.org
Thu Oct 24 13:20:48 UTC 2013
On 10/24/13 9:12 AM, "Chris Thompson" <cet1 at cam.ac.uk> wrote:
>At 13:01 23-10-2013, Edward Lewis wrote:
>>My sensors show 4 new gTLDs in the last hour or so...IDN,
>>non-ccTLD...added between 1800 and 1900 UTC.
>
>Not mentioned yet is that all four appeared already signed and with
>DS records in the root zone.
Funny you should mention that... I just published a post this morning
promoting that fact:
http://www.internetsociety.org/deploy360/blog/2013/10/4-newgtlds-launched-y
esterday-marks-dawn-of-dnssec-from-the-start-tlds/
>From a DNSSEC-advocacy point of view, this is a great step forward as all
new domains registered under these newgTLDs will at least have the
*option* of being secured by DNSSEC.
>But... the two Cyrillic gTLDs (xn--80asehdb & xn--80aswg) are a bit
>broken, in that NXDOMAIN responses don't validate properly. Neither
>dnssec-debugger.verisignlabs.com nor dnsviz.net are able to analyse
>validations problems for NXDOMAIN responses, so I am not quite sure
>why yet, but e.g.
>
> dig +dnssec www.xn--80asehdb.
> dig +dnssec www.xn--80aswg.
>
>give SERVFAILs which can be avoided by adding the +cd option.
Hmmm... interesting. Perhaps some work is still needed on the operational
front there...
Dan
--
Dan York
Senior Content Strategist, Internet Society
york at isoc.org <mailto:york at isoc.org> +1-802-735-1624
Jabber: york at jabber.isoc.org <mailto:york at jabber.isoc.org>
Skype: danyork http://twitter.com/danyork
http://www.internetsociety.org/deploy360/
More information about the dns-operations
mailing list