{ "@context": "https://schema.org", "@type": "NewsArticle", "@id": "https://hostdir.net/blog/bangladesh-cctld-achieves-full-dnssec-deployment-icann86-debates-verification-and-app-domain-dispute-highlights-governance-challenges", "headline": "Bangladesh ccTLD Achieves Full DNSSEC Deployment, ICANN86 Debates Verification, and .app Domain Dispute Highlights Governance Challenges", "alternativeHeadline": "From zero to full chain of trust: Bangladesh's .BD ccTLD secures 50,000 domains as ICANN86 tackles DNS abuse and a reverse hijacking case emerges.", "url": "https://hostdir.net/blog/bangladesh-cctld-achieves-full-dnssec-deployment-icann86-debates-verification-and-app-domain-dispute-highlights-governance-challenges", "datePublished": "2026-06-10T05:16:00+00:00", "dateModified": "2026-06-10T09:07:34+00:00", "author": { "@type": "Organization", "name": "HostDir News Desk", "url": "https://hostdir.net" }, "publisher": { "@type": "Organization", "name": "HostDir", "url": "https://hostdir.net", "logo": { "@type": "ImageObject", "url": "https://hostdir.net/assets/logo.svg" } }, "image": "https://hostdir.net/uploads/news/0ca93e475c2a19ba.webp", "description": "Bangladesh's .BD ccTLD deployed DNSSEC across all critical second-level domains, securing 50,000 domains. Meanwhile, ICANN86 debates email verification rules, and a WIPO panel finds reverse domain name hijacking in a .app dispute.", "articleSection": "Domains", "articleBody": "Bangladesh's country-code top-level domain (ccTLD) .BD achieved full DNSSEC deployment across all critical second-level domains by June 2026, moving from zero cryptographic protection in August 2025 to a fully validated chain of trust. The effort, led by BTCL and supported by APNIC and NSRC, secures approximately 50,000 domains including government portals, university systems, and banks.Until August 2025, not a single second-level domain under .BD was protected by DNSSEC, leaving every DNS response unauthenticated. The 2016 Bangladesh Bank heist, where DNS was a key vector in the theft of USD 81 million, underscored the urgency.From workshop to economy-wide deploymentAPNIC delivered a three-day DNS/DNSSEC workshop in June 2024, attended by 28 participants. BTCL successfully deployed DNSSEC between the root zone and the .BD nameserver, but progress stalled after an economy-wide DNS blackout. In May 2025, Joyeeta Sen Rimpee attended the Phoenix Summit and met Philip Paeps of NSRC, whose hands-on approach rebuilt confidence. By day three, Rimpee had signed a zone, submitted a Delegation Signer (DS) record, and validated the chain of trust.The deployment used Algorithm 13 (ECDSA P-256 with SHA-256) for Key Signing Key and Zone Signing Key pairs, with BIND 9.9+ and inline signing. Key steps included:Signing the child zone for Khulna University of Engineering & Technology (KUET) to enable end-to-end validation.Using DIG, DNSViz, and Verisign Labs DNSSEC Debugger for real-time validation.Testing every change in a staging environment before production.ICANN86 verification debate and .app reverse hijackingAt ICANN86 in Seville, Spain (June 8-11), a central debate is whether tightening email verification reduces DNS abuse. Some propose cutting the 15-day verification window or requiring verification before a domain enters the DNS. Namecheap's blog argues that data does not support these measures as effective abuse deterrents.Separately, a World Intellectual Property Organization panelist found that Norman Ortiz, CEO of iGenApps, attempted reverse domain name hijacking of the domain com.app. The domain was acquired during the .app early access phase. The panel ruled that the complaint was brought in bad faith, marking a clear case of Reverse Domain Name Hijacking (RDNH).What comes next for domain governanceBangladesh's DNSSEC deployment provides a replicable model for other ccTLDs facing similar infrastructure and confidence gaps. The ICANN86 verification debate may shape future Registrar Accreditation Agreement requirements, while the .app ruling reinforces protections for domain investors against bad-faith complaints. Automated domain appraisal tools, recently evaluated by Domain Name Wire across 15 platforms, continue to evolve but remain a separate tool for valuation, not governance.", "mainEntityOfPage": "https://hostdir.net/blog/bangladesh-cctld-achieves-full-dnssec-deployment-icann86-debates-verification-and-app-domain-dispute-highlights-governance-challenges", "citation": [ { "@type": "CreativeWork", "name": "From workshop to deployment: How Bangladesh ccTLD implemented DNSSEC", "url": "https://blog.apnic.net/2026/06/08/from-workshop-to-deployment-how-bangladesh-cctld-implemented-dnssec/" }, { "@type": "CreativeWork", "name": "An app builder tried to reverse hijack com.app", "url": "https://domainnamewire.com/2026/06/05/an-app-builder-tried-to-reverse-hijack-com-app/" }, { "@type": "CreativeWork", "name": "The ICANN86 verification debate: what the data shows", "url": "https://www.namecheap.com/blog/icann86-verification-debate/" }, { "@type": "CreativeWork", "name": "And the best automated domain name appraisal tool is…", "url": "https://domainnamewire.com/2026/06/05/and-the-best-automated-domain-name-appraisal-tool-is/" } ], "_hostdir": { "kind": "news-article", "slug": "bangladesh-cctld-achieves-full-dnssec-deployment-icann86-debates-verification-and-app-domain-dispute-highlights-governance-challenges", "canonical": "https://hostdir.net/blog/bangladesh-cctld-achieves-full-dnssec-deployment-icann86-debates-verification-and-app-domain-dispute-highlights-governance-challenges", "category": "domains", "sources": [ { "url": "https://blog.apnic.net/2026/06/08/from-workshop-to-deployment-how-bangladesh-cctld-implemented-dnssec/", "title": "From workshop to deployment: How Bangladesh ccTLD implemented DNSSEC", "source_name": "APNIC Blog", "source_slug": "apnic-blog" }, { "url": "https://domainnamewire.com/2026/06/05/an-app-builder-tried-to-reverse-hijack-com-app/", "title": "An app builder tried to reverse hijack com.app", "source_name": "Domain Name Wire", "source_slug": "domain-name-wire" }, { "url": "https://www.namecheap.com/blog/icann86-verification-debate/", "title": "The ICANN86 verification debate: what the data shows", "source_name": "Namecheap blog", "source_slug": "namecheap-blog" }, { "url": "https://domainnamewire.com/2026/06/05/and-the-best-automated-domain-name-appraisal-tool-is/", "title": "And the best automated domain name appraisal tool is…", "source_name": "Domain Name Wire", "source_slug": "domain-name-wire" } ], "fact_checks": [ { "claim": "Bangladesh's .BD ccTLD had zero DNSSEC coverage until August 2025.", "source_url": "https://blog.apnic.net/2026/06/08/from-workshop-to-deployment-how-bangladesh-cctld-implemented-dnssec/", "verdict": "verified" }, { "claim": "The 2016 Bangladesh Bank heist involved USD 81 million and DNS was a key vector.", "source_url": "https://blog.apnic.net/2026/06/08/from-workshop-to-deployment-how-bangladesh-cctld-implemented-dnssec/", "verdict": "verified" }, { "claim": "A WIPO panel found Norman Ortiz attempted reverse domain name hijacking of com.app.", "source_url": "https://domainnamewire.com/2026/06/05/an-app-builder-tried-to-reverse-hijack-com-app/", "verdict": "verified" }, { "claim": "ICANN86 is debating whether tightening email verification reduces DNS abuse.", "source_url": "https://www.namecheap.com/blog/icann86-verification-debate/", "verdict": "reported" } ], "internal_links": [ { "anchor": "Namecheap", "target_url": "/providers/namecheap", "target_kind": "provider" }, { "anchor": "Summit", "target_url": "/providers/summit", "target_kind": "provider" }, { "anchor": "under", "target_url": "/providers/under", "target_kind": "provider" }, { "anchor": ".app", "target_url": "/domain-extensions/app", "target_kind": "tld" }, { "anchor": ".BD", "target_url": "/domain-extensions/bd", "target_kind": "tld" } ], "attribution": "HostDir News Desk — https://hostdir.net/blog/bangladesh-cctld-achieves-full-dnssec-deployment-icann86-debates-verification-and-app-domain-dispute-highlights-governance-challenges" } }