In the six weeks since I blogged about the emergence of new generic Top Level Domains (gTLDs) in the root zone, eighty-four new gTLDs have been delegated. This brings the total number of TLDs, including country code TLDs (ccTLDs) to 427. Of the recently added eight-four gTLDs, nine are internationalized, and this brings us to fifty internationalized TLDs, comprising a mix of both gTLDs and ccTLDs.
And thanks to the signing requirement of the new gTLD program, all eighty-four domains are signed with DNSSEC. This brings the number of signed TLDs to 235, with 229 having delegation signer (DS) records in the root zone. Signed TLDs under which you register domain names, especially those with DS records in the root zone, streamline the process for resolvers to validate your signed name space. Resolvers need only maintain the root zone public key (trust anchor) to validate signed subtrees of the global DNS namespace. As long as each domain along this chain down to your zone is signed, a resolver can validate your signatures using the root trust anchor. This "chain of trust" is linked via DS records, which are published in a parent zone and authenticate a child zone's public key.
With more signed TLDs, especially if yours is/are signed, your path to securing your name space becomes simpler. The table below reflects todays status, updated since my prior post. Other than the addition of eighty-four gTLDs (9 IDN and 75 non-IDN), the .name generic-restricted TLD was signed, moving one tally from unsigned non-IDN to signed non-IDN in that row.
|Country Code TLD||12||90||24||159|
|Infrastructure TLD (.arpa)||0||1||0||0|