To celebrate the 20^th anniversary of the fall of the Berlin Wall today, Berliners and other reunified Germans toppled a set of 1000 giant dominoes at the Brandenburg Gate—a metaphor for the fall of Communism in states throughout the Eastern Bloc.

While not as dramatic or significant as the fall of European Communism, several dominoes on the path to broad implementation of the DNS Security Extensions fell recently:

• Switzerland’s top-level zone, .ch, was signed.  I found this out in the nick of time:  just before I gave a security-themed presentation in Zuerich, where I would have looked pretty dumb had I not known that .ch was signed just days before.
• Since SWITCH, the organization that runs the Swiss registry, also runs Liechtenstein’s registry, Liechtenstein’s top-level zone, .li, was signed, too.  While Liechtenstein’s adoption of DNSSEC may seem like a footnote, remember that the country has more registered companies than citizens, including many financial services firms.
• Namibia became the first country in Africa with a DNSSEC-signed zone, .na.  (And the upcoming movie adaptation of “The Prisoner” was filmed in the Namibian city of Swakopmund, so clearly big things are happening in the country.)
• Niue’s top-level zone, .nu, is signed.  Sure, Niue is a tiny Pacific island nation (it’s population is less than that of a big Midwestern high school), but because “nu” means “now” in Swedish, it boasts a substantial population of Swedish registrants.
• Turkmenistan’s .tm zone is signed.  Through a similar quirk, Turkmenistan attracts registrants because “tm” is commonly used as an abbreviation for “trademark.”

All of this is good news for those of us who believe that widespread deployment of DNSSEC will make the Internet a safer place.

There are still some very big dominoes that haven’t fallen, of course—though they’re teetering:  the root zone, .com, .net, .uk, .de, and more.  The U.S. Department of Commerce has already announced that the root will be signed by July 1, 2010, and VeriSign will sign .net next year and .com in 2011.  Plus my old friend Matt works for VeriSign as their Vice President of DNS Research, and if I’m not mistaken, I owe him money.  I promise I won’t pay him back until VeriSign makes good on their commitments.