.cfa

TLD SLA Compliance Monitoring

TLD SLA Compliance Metrics

Spec 10

DNS

Period Availability RTT Compliance RTT p50 RTT p95 Checks TSLAC
24h 100% 100% 48ms 122ms 504
7d 100% 100% 49ms 171ms 2880
30d 100% 100% 66ms 308ms 15972

RDAP

Period Availability RTT Compliance RTT p50 RTT p95 Checks TSLAC
24h 100% 100% 167ms 189ms 68
7d 100% 100% 167ms 192ms 360
30d 99.80% 99.80% 168ms 187ms 1992

DNSSEC Validation Metrics

Registry Agreement Spec 6

DNSSEC is required by the Registry Agreement (Specification 6) but is not part of the Spec 10 SLA. We monitor DNSSEC validation independently.

Period Validation Rate RTT p50 RTT p95 Checks Status
24h 100% 143ms 157ms 52
7d 99.67% 138ms 218ms 300
30d 99.76% 140ms 168ms 1674

Unlike Spec 10 services, DNSSEC has no formal availability SLA. Thresholds shown are operational guidelines.

Current Check Status

Reported by Any53 Probes
Type AF RTT Last Check Source Details Status TSLAC
DNS v4 9.9ms 3 minutes ago local NSID: YYZ3 OK
DNS v6 11ms 56 days, 23 hours ago local NSID: YYZ3 OK
DNSSEC v4 141ms 35 minutes ago local Key: 21814 OK
DNSSEC v6 153ms 35 minutes ago local Key: 21814 OK
RDAP v4 167ms 1 hour, 18 minutes ago local TLS 1.3 OK
RDAP v6 167ms 1 hour, 18 minutes ago local TLS 1.3 OK

RDAP HTTPS Timing

167ms total
DNS Lookup
TCP Connect
48ms
TLS Handshake
53ms
Time to First Byte
167ms

TLS 1.3 / TLS_AES_128_GCM_SHA256

Nameservers

6 IPs tested
Hostname IP Address AF ASN RPKI Status
v0n0.nic.cfa 65.22.104.27 v4
v0n1.nic.cfa 65.22.105.27 v4
v0n2.nic.cfa 65.22.106.27 v4
v0n3.nic.cfa 161.232.30.27 v4
v2n0.nic.cfa 65.22.107.27 v4
v2n1.nic.cfa 161.232.31.27 v4

Per ICANN Spec 10, we test all delegated nameserver IPs independently.

Test With Your Computer

DNS

dig @v0n0.nic.cfa cfa. SOA +dnssec +nsid Query SOA with DNSSEC validation and NSID
drill -D cfa. SOA @v0n0.nic.cfa Alternative using drill with DNSSEC trace

RDAP

curl -sS "https://rdap.identitydigital.services/rdap/domain/nic.cfa" | jq . Fetch RDAP JSON (positive lookup)
curl -I -sS "https://rdap.identitydigital.services/rdap/domain/nic.cfa" Headers only (check TLS, timing)
Open in Browser View RDAP response directly

Registry Information

Active
TLD .cfa
Operator CFA Institute
RDAP Server https://rdap.identitydigital.services/rdap/ RDAP Client

ICANN SLA Requirements

Per ICANN Registry Agreement Specification 10:

DNS SLA UDP RTT ≤ 500ms for 95% of queries. Availability: 99% (max 432 min/month downtime).
RDAP SLA RTT ≤ 4000ms for 95% of queries. Availability: 98% (max 864 min/month downtime).

API Access

JSON API

Access .cfa compliance metrics programmatically via our REST API.

Quick Start

GET /any53/api/v1/compliance/cfa/ 
curl -H "X-API-Key: ${YOUR_API_KEY}" \
  "https://www.any53.com/any53/api/v1/compliance/cfa/"

Example Response

{
  "tld": "cfa",
  "display_name": ".cfa",
  "operator": "CFA Institute",
  "updated_at": "2026-01-31T12:00:00Z",
  "dns": {
    "availability_24h": 99.99,
    "rtt_p50_ms": 12,
    "rtt_p95_ms": 42,
    "sla_threshold_ms": 500
  },
  "rdds": {
    "protocol": "RDAP",
    "availability_24h": 99.95,
    "rtt_p50_ms": 180,
    "rtt_p95_ms": 412,
    "sla_threshold_ms": 4000
  },
  "servers": {
    "rdap_url": "https://rdap.identitydigital.services/rdap/"
  },
  "spec10_compliant": true
}

Generate API Key

Get a free API key to start making requests. Provide an email to upgrade to the verified tier (600 requests/hour).

Endpoints

Endpoint Description Tier
GET /compliance/ List all monitored TLDs All
GET /compliance/{tld}/ Current metrics for a TLD All
GET /compliance/{tld}/history/ Historical time-series data Organization
GET /compliance/{tld}/probes/ Per-probe breakdown Organization
POST /compliance/keys/ Generate a new API key No auth

Rate Limits

Tier Rate Limit Features
Anonymous 100/hour Current snapshot, hourly aggregates
Verified 600/hour Current snapshot, hourly aggregates
Organization 6000/hour Historical data, per-minute resolution, per-probe breakdown

Enter a TLD name or IDN code • Browse all TLDs