Skip to main content

DNSSEC For Securing ccTLDs in Africa

Dnssec securing cctlds africa 750x425 14oct14

Last month, we held our latest DNSSEC Roadshow in Yaoundé Cameroon from September 17-19, 2014. With about 100 participants taking part at Ecole Nationale Supérieure des Postes et Télécommunications (ENSPT), in Yaoundé. The workshop covered general awareness, capacity building in DNSSEC technical implementation and, evaluation of the current infrastructure at the ccTLD level, and next steps for DNSSEC deployment.

During the Africa DNS Forum 2014 in Abuja, Nigeria earlier this year, the discussion touched upon how ccTLDs need to make the Internet users more confident by ensuring the following:

  • Stable country code domain names services
  • Easy domain names registrations process
  • Fast processing of domain name registration requests
  • Secure ccTLDs for the domain name registrants

So we know that Africa needs to increase Internet penetration. We know that countries in Africa need support on DNSSEC deployment. Consequently, one of the ways we are tackling this at ICANN, is to make the DNSSEC Roadshow an integral part of our Africa strategy, helping encourage local expertise development and in-house deployment, by building "trust" and showcasing the potential business opportunities.

Since its launch last year, the DNSSEC roadshow has assisted countries like Kenya to get to the point where they have signed their root zone file, and others like Nigeria, Zambia, Rwanda, Senegal, and Burkina Faso, who are in the process of doing so. Moreover, this year our plan also includes Cameroon, Liberia, Botswana, Egypt and Cote d'Ivoire, already preparing to host events.

Importantly, achievements are being made on the ground in Africa. Cape Verde has completed significant steps toward the signature of the ccTLD; and both Senegal and Nigeria are promising to sign their zone by the end of this year 2014.

It is interesting to note that a category of ccTLDs in Africa is implementing the DNSSEC with their own technical resources. .tn in Tunisia joined the list of signed zone this September 2014. Some ccTLD operators are still taking time to decide one of the following options:

  • Get a third party sign the zone for them
  • Reinforce the capacity of the ccTLD staffs and do it themselves

Each of these options has pros and cons, but we believe that each ccTLD should take a decision and sign the zone as soon as possible.

Suffice to say, we are on the right road to develop the domain name industry in Africa and address some of the domain names development issues. And as always, awareness and action are key.

Information on the DNSSEC roadshow program is available at


    Domain Name System
    Internationalized Domain Name ,IDN,"IDNs are domain names that include characters used in the local representation of languages that are not written with the twenty-six letters of the basic Latin alphabet ""a-z"". An IDN can contain Latin letters with diacritical marks, as required by many European languages, or may consist of characters from non-Latin scripts such as Arabic or Chinese. Many languages also use other types of digits than the European ""0-9"". The basic Latin alphabet together with the European-Arabic digits are, for the purpose of domain names, termed ""ASCII characters"" (ASCII = American Standard Code for Information Interchange). These are also included in the broader range of ""Unicode characters"" that provides the basis for IDNs. The ""hostname rule"" requires that all domain names of the type under consideration here are stored in the DNS using only the ASCII characters listed above, with the one further addition of the hyphen ""-"". The Unicode form of an IDN therefore requires special encoding before it is entered into the DNS. The following terminology is used when distinguishing between these forms: A domain name consists of a series of ""labels"" (separated by ""dots""). The ASCII form of an IDN label is termed an ""A-label"". All operations defined in the DNS protocol use A-labels exclusively. The Unicode form, which a user expects to be displayed, is termed a ""U-label"". The difference may be illustrated with the Hindi word for ""test"" — परीका — appearing here as a U-label would (in the Devanagari script). A special form of ""ASCII compatible encoding"" (abbreviated ACE) is applied to this to produce the corresponding A-label: xn--11b5bs1di. A domain name that only includes ASCII letters, digits, and hyphens is termed an ""LDH label"". Although the definitions of A-labels and LDH-labels overlap, a name consisting exclusively of LDH labels, such as"""" is not an IDN."