DNS Security Extensions (DNSSEC) Roadshows

Encouraging Domain Name System (DNS) operators, registries, and registrars in select African countries to implement and deploy DNS Security Extensions (DNSSEC), while working with network operators to turn on DNSSEC validation. This effort will ultimately lead to the development of a DNS resource portal for Africa.

The Goals
of The Initiative

1/2

Drive awareness and build understanding of the importance of the DNSSEC, and to increase DNSSEC adoption and deployment in Africa.

2/2

Spearhead DNSSEC deployment and validation by conducting capacity development and hands-on training sessions called “deployathons” in at least 15 additional countries in Africa in three years.

What Will This Initiative Achieve?

Africa lags behind other regions in the world in deploying DNSSEC. The DNSSEC roadshows will address that lag by raising awareness on how DNSSEC strengthens authentication in the DNS using digital signatures based on a public key that adds data origin authentication and data integrity protection. This encourages deployment and contributes to achieving a better protected DNS and more secure Internet infrastructure in Africa.

As a result of increased awareness, we expect greater adoption of DNSSEC by registries and registrars, as well as DNSSEC validation by network operators in Africa, resulting in:

Overall improved DNSSEC deployment across many ccTLDs in Africa.
Increased uptake of DNSSEC at the second and third levels of domain names.
An online DNS resource portal and library.
More secure and resilient DNS infrastructure in Africa.
Greater percentage of DNSSEC validation among African DNS Operators.

Applications Now Closed

The project will select up to 13 ccTLD operators to participate in the DNSSEC Roadshows Project. However, please note that the application window for the initial seven slots, which were available for ICANN fiscal year 2024 (July 2023 - June 2024), is now closed.

Selected ccTLD operators will receive technical training and support for DNSSEC deployment and validation. They will also be invited to co-host a training session for Internet Service Providers and network operators in their respective countries to build awareness and understanding of the importance of the DNSSEC.

Eligibility And Requirements

Eligibility

African ccTLD operators interested in DNSSEC deployment and validation and in promoting DNSSEC adoption in their respective countries.

Requirements

ccTLD operator has an up to date documentation of the current ccTLD infrastructure (e.g., registry model, network architecture, zone distribution flow, protocols in use, etc.) which can be shared with the assigned DNSSEC roadshow consultant.
ccTLD operator has a stable (properly working) DNS infrastructure (registry system and DNS service). Operators may go through the KINDNS platform to self-assess themselves and improve their operational practices before submitting their application. Alternatively, they can also run online tools such as Zonemaster and fix any issue detected.
Confirmation of engagement and endorsement of the registry manager on the project implementation.
Appointment of a project manager by the Registry for this project.

Additional Supporting Information - Optional

Evidence on the existence of additional documentation such as operational policies, technical procedures (backup, monitoring, DRP, etc.), if available.
Evidence of the technical team maturity in running DNS (training received, project delivered, etc.), if available.
Description of the ccTLD engagement with the local community (registrars, ISPs, network operators, etc.).
Any additional information to support your application.

This opportunity is available for ccTLDs that have not yet adopted DNSSEC, as well as for those looking to increase the uptake of DNSSEC at the second and third levels of domain names.