While I am spending time on APNIC’s security workshop here at APNIC 46, I got curious about DNSSEC deployment across ccTLDs. For those who may be unaware, DNSSEC adds signature the DNS responses making it possible to cryptographically verify a DNS query response. Out of 254 ccTLDs, 125 support DNSSEC with a published DS record (at least that is what I get when I check their zone) and 129 do not support it as yet.
Bangladesh’s .bd ccTLD faced another outage. As I mentioned in one of the previous posts - .bd domain seems to be primarily on BTCL (AS17494). Zone delegation of .bd is still pending with PCH and while PCH is mentioned in NS records of the authoritative DNS servers but delegation is pending in the root DNS servers as per reply from Kabindra from PCH on the bdNOG mailing list during the last outage.