African TLD registries yet to deploy DNSSEC


Lack of political willingness and weak management of country code top-level domains has led to slow implementation of DNS Security Extensions in Africa.

Africa was expected to extensively implement DNSSEC because it had no legacy registry systems, the few operational registries were manual and it was expected that DNSSEC would be implemented after the automation process.

DNSSEC provides a set of new extensions to the DNS, protecting the Internet from distributed denial of service attacks, DNS cache poisoning and sabotage. DNSSEC uses digital signatures allowing the users to determine whether the information has been altered in anyway.

DNSSEC implementation formally began in July last year, at a ceremony known as "signing of the root zone." Root signing signaled the beginning of IPv6, DNSSEC implementation and use of internationalized domain names.

"Of the 67 TLD zones that are signed today, only two African countries are listed (.NA and .SC); this is bad, but if we look at the state of our DNS (ccTLD) landscape in the region the situation is not that surprising -- there is still a lot to do to reinforce our ccTLD infrastructure with a proper management," said Adiel Akplogan, CEO of AfriNIC, the organization tasked with managing IP resources in the region.

For DNSSEC to be implemented, countries argue that there must be demand, which is created by a vibrant e-commerce industry and online banking. This online vibrancy is missing in many African countries.

"For DNSSEC deployment to be successful, demand must be created. The push for its implementation by end-users can only come if users are aware of what DNSSEC has to offer as far as security and resilience of internet is concerned," said Joe Kiragu, administrative manager at KENIC, the .Ke registry.

The role of government in managing Internet resources has been subject to debate with some countries questioning the role of the U.S. government in Internet governance. So, many TLDs in the region have had to consult with governments before implementing any changes to the ccTLD registry.

"We have to appreciate potential political ramifications; we will raise the matter with our government because the .ZA namespace is a national resource over which our government bears some custodianship," added Vika.

The issue of training and raising awareness has been discussed before, with some arguing that political will is needed more than the training while others hold that the problem with the continent is lack of skills and that is why policy making and appreciation of e-commerce is yet to take root.