On 10/24/13 9:12 AM, "Chris Thompson" <[email protected]> wrote:
>At 13:01 23-10-2013, Edward Lewis wrote: >>My sensors show 4 new gTLDs in the last hour or so...IDN, >>non-ccTLD...added between 1800 and 1900 UTC. > >Not mentioned yet is that all four appeared already signed and with >DS records in the root zone. Funny you should mention that... I just published a post this morning promoting that fact: http://www.internetsociety.org/deploy360/blog/2013/10/4-newgtlds-launched-y esterday-marks-dawn-of-dnssec-from-the-start-tlds/ >From a DNSSEC-advocacy point of view, this is a great step forward as all new domains registered under these newgTLDs will at least have the *option* of being secured by DNSSEC. >But... the two Cyrillic gTLDs (xn--80asehdb & xn--80aswg) are a bit >broken, in that NXDOMAIN responses don't validate properly. Neither >dnssec-debugger.verisignlabs.com nor dnsviz.net are able to analyse >validations problems for NXDOMAIN responses, so I am not quite sure >why yet, but e.g. > > dig +dnssec www.xn--80asehdb. > dig +dnssec www.xn--80aswg. > >give SERVFAILs which can be avoided by adding the +cd option. Hmmm... interesting. Perhaps some work is still needed on the operational front there... Dan -- Dan York Senior Content Strategist, Internet Society [email protected] <mailto:[email protected]> +1-802-735-1624 Jabber: [email protected] <mailto:[email protected]> Skype: danyork http://twitter.com/danyork http://www.internetsociety.org/deploy360/ _______________________________________________ dns-operations mailing list [email protected] https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
