TLD SLA Compliance Metrics
Spec 10DNS
| Period | Availability | RTT Compliance | RTT p50 | RTT p95 | Checks | TSLAC |
|---|---|---|---|---|---|---|
| 24h | 100% | 100% | 100ms | 164ms | 440 | |
| 7d | 100% | 100% | 100ms | 183ms | 2400 | |
| 30d | 99.92% | 99.92% | 101ms | 796ms | 13260 |
DNSSEC Validation Metrics
Registry Agreement Spec 6DNSSEC is required by the Registry Agreement (Specification 6) but is not part of the Spec 10 SLA. We monitor DNSSEC validation independently.
| Period | Validation Rate | RTT p50 | RTT p95 | Checks | Status |
|---|---|---|---|---|---|
| 24h | 47.73% | 340ms | 340ms | 44 | |
| 7d | 47.92% | 320ms | 320ms | 240 | |
| 30d | 46.51% | 450ms | 450ms | 1318 |
Unlike Spec 10 services, DNSSEC has no formal availability SLA. Thresholds shown are operational guidelines.
DNS Protocol Issues
Non-Compliant BehaviorThese protocol issues were observed in the last 7 days and may affect DNS resolution or DNSSEC validation.
| Issue | Nameserver | First Seen | Last Seen |
|---|---|---|---|
edns0_ignored
— EDNS0 OPT absent in NOERROR response
|
ns.ucad.sn
|
2026-02-07 08:36 | 2026-04-14 19:36 |
Issues like rrsig_missing_udp indicate nameservers silently dropping DNSSEC signatures
in UDP responses without setting the truncation bit, which breaks validation for resolvers.
Current Check Status
Reported by Any53 Probes| Type | AF | RTT | Last Check | Source | Details | Status | TSLAC |
|---|---|---|---|---|---|---|---|
DNS
|
v4 | 83ms | 40 minutes ago | local | NSID: ns2.gb-lon.authdns.ripe… | OK | |
DNS
|
v6 | 83ms | 54 days, 16 hours ago | local | NSID: ns2.gb-lon.authdns.ripe… | OK | |
DNSSEC
|
v4 | 5004ms | 30 minutes ago | local | — | FAIL | |
DNSSEC
|
v6 | — | 30 minutes ago | local | — | FAIL |
Nameservers
5 IPs tested| Hostname | IP Address | AF | ASN | RPKI | Status |
|---|---|---|---|---|---|
dns-tld.ird.fr |
13.39.116.127 |
v4 | AS16509 | ||
ns-sn.nic.fr |
194.0.9.1 |
v4 | AS2484 | ||
ns.ucad.sn |
196.1.95.1 |
v4 | AS8346 | ||
ns1.sonatel.sn |
213.154.64.11 |
v4 | AS8346 | ||
sn.cctld.authdns.ripe.net |
193.0.9.111 |
v4 | AS197000 |
Per ICANN Spec 10, we test all delegated nameserver IPs independently.
Test With Your Computer
DNS
dig @dns-tld.ird.fr sn. SOA +dnssec +nsid
Query SOA with DNSSEC validation and NSID
drill -D sn. SOA @dns-tld.ird.fr
Alternative using drill with DNSSEC trace
Registry Information
ActiveICANN SLA Requirements
Per ICANN Registry Agreement Specification 10:
API Access
JSON APIAccess .sn compliance metrics programmatically via our REST API.
Quick Start
/any53/api/v1/compliance/sn/
curl -H "X-API-Key: ${YOUR_API_KEY}" \
"https://www.any53.com/any53/api/v1/compliance/sn/"
Example Response
{
"tld": "sn",
"display_name": ".sn",
"operator": "Senegal",
"updated_at": "2026-01-31T12:00:00Z",
"dns": {
"availability_24h": 99.99,
"rtt_p50_ms": 12,
"rtt_p95_ms": 42,
"sla_threshold_ms": 500
},
"servers": {
"whois_host": "whois.nic.sn"
},
"spec10_compliant": true
}
Generate API Key
Get a free API key to start making requests. Provide an email to upgrade to the verified tier (600 requests/hour).
Endpoints
| Endpoint | Description | Tier |
|---|---|---|
GET /compliance/ |
List all monitored TLDs | All |
GET /compliance/{tld}/ |
Current metrics for a TLD | All |
GET /compliance/{tld}/history/ |
Historical time-series data | Organization |
GET /compliance/{tld}/probes/ |
Per-probe breakdown | Organization |
POST /compliance/keys/ |
Generate a new API key | No auth |
Rate Limits
| Tier | Rate Limit | Features |
|---|---|---|
| Anonymous | 100/hour | Current snapshot, hourly aggregates |
| Verified | 600/hour | Current snapshot, hourly aggregates |
| Organization | 6000/hour | Historical data, per-minute resolution, per-probe breakdown |