[dnssec-coord] Thoughts on when to designate a newgTLD as "Operational" in DNSSEC deployment maps?

Dan York york at isoc.org
Tue Apr 15 13:05:59 PDT 2014


DNSSEC-coord members,

I have a question upon which I'd love your advice/feedback.  In the DNSSEC Deployment Maps[1] that we distribute weekly we do include the current status of all the newgTLDs.  They don't show up in the maps, of course, but do appear in the accompanying CSV files.  So far I have just indicated when they have a "DS in Root" which is easy to determine from sites like Rick Lamb's https://rick.eng.br/dnssecstat/

The question is how to know when to move them to "Operational" status meaning that they are accepting signed delegations from registrars/registrants.  Really the only way to know this is to contact or watch each registry somehow... and there are too many of them for me to do that.

It was pointed out to me in Singapore by Duane Wessels that all newgTLDs have to use the Centralized Zone Data Service (CZDS)[2] and that someone ought to be able to query the CZDS and come up with a site showing which domains have signed domains.

It turns out that someone is already sort of doing this at this site: http://ntldstats.com/  where we learn the fact that of 486,070 registered newgTLD domains, only a whopping 915 of them are signed. :-(

If you go onto this specific page, though, http://ntldstats.com/tld , you can see how many signed domains are under each of the newgTLDs.  I would not have guessed that the order would be .TIPS, .TATTOO, .SEXY and .EMAIL.

Anyway, my thinking is to designate a newgTLD as "Operational" in the maps database once it passes some number of signed domains in a list like the one on this site.  Because there may be some experimental or operational domains that could be signed by the registry before making it available to all, I don't think the existence of 1 or 3 domains may be enough to say "Operational".  Part of me says perhaps "5"... or maybe 10 just to be safe.

What do you think of that as a mechanism?  Do you think it would be fair to list a newgTLD as "Operational" when it has, say, 10 or more signed domains inside the TLD?

Or does anyone have another suggestion?

Thoughts and comments are appreciated.
Thanks,
Dan


[1] http://www.internetsociety.org/deploy360/dnssec/maps/
[2] http://newgtlds.icann.org/en/program-status/czds
--
Dan York
Senior Content Strategist, Internet Society
york at isoc.org<mailto:york at isoc.org>   +1-802-735-1624
Jabber: york at jabber.isoc.org<mailto:york at jabber.isoc.org>
Skype: danyork   http://twitter.com/danyork

http://www.internetsociety.org/deploy360/

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://elists.isoc.org/pipermail/dnssec-coord/attachments/20140415/9ab95068/attachment.html>


More information about the dnssec-coord mailing list