Tuesday, December 17, 2013

More New Generic Top Level DNS Domains

Since the inaugural set of four new generic top level domains (gTLDs) was announced six weeks ago, the tally of new gTLDs has grown to 35. And the number of new gTLDs will likely continue to grow well into the hundreds during 2014 as respective domain applicants work through the approval process. Even today, the 35 newly delegated TLDs comprise just over 10% of the 343 TLDs in the Internet root zone.

The table below summarizes the status of the today's TLDs by type (country code, generic, etc.), whether internationalized or not, and whether DNSSEC-signed or not. Starting at the bottom of the table, of the three generic-restricted TLDs, .biz, .name and .pro, only .biz is signed and clearly none of them are internationalized. The .arpa infrastructure domain is signed as well. None of the so-called sponsored TLDs are internationalized and about half are signed. All of the generic TLDs are signed, and the 35 new gTLDs fall within this row. In fact, all new gTLDs must be signed as required by the new gTLD program. And for the first time, we have five gTLDs so far that are also internationalized, thanks also to the program.

SignedUnsigned
IDNNon-IDNIDNNon-IDN
Country Code TLD128924160
Generic TLD53400
Sponsored TLD0708
Infrastructure TLD (.arpa)0100
Generic-restricted TLD0102

All of this may be quite interesting, but how does this affect you? Certainly you should be aware of an inflow of new TLDs in the DNS, which affords the opportunity to register subdomains within appropriate TLDs. For example, if your organization seeks to reach a certain population which uses a non-Latin based language, publishing your domain name (and website) in native language could attract and simplify reachability to your web infrastructure.

Secondly as new gTLDs move towards production, an increasing proportion of DNSSEC-signed zones will rise accordingly. Signed TLDs extend the DNSSEC chain of trust down from the root through a growing proportion of the TLD layer, and ultimately to second level domains typically administered by organizations, enterprises, governments, etc. Such a linked chain of trust simplifies the process of DNSSEC signature validation on the part of validating resolvers, which can authenticate domain information and verify information integrity using the root trust anchor.

Speaking of DNSSEC validation, according to Verisign Labs, alas, less than 5% of resolutions are performed by validating resolvers. Some large broadband and wireless providers have enabled DNSSEC validation within their recursive servers, but many have yet to do so. Much like the case with IPv6, opportunities for use of DNSSEC are growing as the Internet evolves, but it requires some work to participate. DNSSEC can help build a more secure Internet, so if your TLD(s) support DNSSEC signing, I encourage you to investigate implementing DNSSEC. And if any of your TLDs are internationalized, internationalizing your domain label may likewise be worthy of analysis.

You can follow the links to these web resources to keep up with the new gTLD program at ICANN, IANA for a listing and types of TLDs, and ICANN Research regarding TLD signing status.