Methodology

A small, independent observatory capturing how visible trust signals behave across a fixed set of .au domains over time.

How .auDO collects, preserves, classifies and publishes public domain-layer observations.

Fixed panel · Repeated collection · Snapshot preservation · Cautious interpretation

Purpose

.auDO exists to preserve public evidence of visible domain-layer trust signals in the .au namespace and make cautious, method-led reporting easier to inspect.

The observatory is young and intentionally modest. It is designed to support disciplined accumulation first, then stronger interpretation only where repeated evidence supports it.

Observation model

The method is deliberately simple: observe the same panel repeatedly, preserve state before interpretation, compare changes, classify observations, and publish stable reports.

Select panel → Collect public signals → Preserve snapshots → Compare changes → Classify observations → Publish reports

State before interpretation

Public DNS, RDAP, mail, registrar and infrastructure state is retained as evidence before report language is applied.

Repeated evidence over single lookups

A single lookup can show a moment. Repeated collection gives changes and persistence enough context to be interpreted cautiously.

Publishing model

What the method produces

.auDO separates collection, derived summaries, dated reports and explanatory material so readers can move from evidence to context without confusing observations for conclusions.

State pages

Derived public summaries of current posture across DNSSEC, DMARC, registrar, provider and RDAP signal areas.

Reports

Dated report artefacts that preserve observed change and support later review.

Signals

Canonical definitions for observed fields and human-readable signal tiers.

Cohorts

Logical groupings within the curated panel used to describe aggregate signal context.

Explainers

Plain-language context for readers who need to understand why a signal matters.

Observation Panel

A public operational view of panel composition, signal mix and longitudinal context.

Current scope

.auDO is a small observatory of the .au namespace. It observes how visible domain and DNS trust signals behave over time across a fixed panel of domains.

Provenance

.auDO began as an R&D observatory in February 2026. The current retained reporting baseline begins on 26 March 2026.

Boundaries

It is not full-coverage monitoring, not a real-time console, not a vulnerability scanner, and not a representation of the full namespace.

The build remains intentionally lean: enough structure to observe, preserve, and publish without presenting the system as full-coverage monitoring.

Signal model

Signals collected

.auDO observes public DNS, RDAP, mail posture, DNSSEC, provider inference and provenance signals. These are visible technical signals, not private security findings.

Registration and RDAP

Registrar, RDAP status, domain dates, redaction indicators and related registration metadata where visible.

DNS and mail posture

Name servers, address records, MX records, TXT records, SPF and DMARC presence.

DNSSEC

Visible DNSSEC evidence including DNSSEC state, DNSKEY presence and RDAP-derived DNSSEC indicators.

Provider inference

Visible DNS and email provider patterns inferred from public configuration.

Provenance

Snapshot metadata, raw evidence, source fallback and collection context used to preserve traceability.

Not first-class signals

Hosting provider and ASN context may appear in specific report artefacts where evidence exists, but they are not currently first-class snapshot signal families.

Read the Signals library for canonical definitions and interpretation limits.

Data collection and preservation

| Area | Current approach |
| --- | --- |
| Observation scope | A fixed panel of 100 .au domains selected for sector mix, operational relevance, and signal diversity rather than full namespace coverage. |
| Collection cadence | Scheduled recurring collection designed to support repeatable longitudinal observation rather than one-off lookup results. |
| State capture | Public state is captured as snapshots so observed posture can be preserved directly before interpretation is applied. |
| Change detection | Meaningful differences are derived across runs, allowing nameserver, registrar, DNSSEC, mail and related trust-layer changes to be reviewed over time. |
| Report artifacts | Reports are generated from stable exported artifacts so analysis remains inspectable, repeatable, and separate from live collection. |
| Publication model | A lightweight static site publishes method context, daily reports, charts and panel state without pretending to be a real-time monitoring console. |
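
The snapshot-then-compare approach described above, as an added Python example that is not .auDO's own code: it hashes each run's canonical state, lists single-run differences, and separately reports only changes that persist across consecutive runs. The field names, the `min_runs` threshold and the snapshots are assumptions constructed for illustration.

```python
import hashlib
import json

SET_FIELDS = {"ns", "mx"}  # compared as sets: DNS answers carry no stable record order

def normalise(snapshot):
    """Canonical observed state for one run (host names lower-cased, sets sorted)."""
    return {f: sorted(h.lower().rstrip(".") for h in v) if f in SET_FIELDS else v
            for f, v in snapshot["state"].items()}

def digest(snapshot):
    """SHA-256 of the canonical state, kept with the snapshot as preserved evidence."""
    blob = json.dumps(normalise(snapshot), sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(blob.encode()).hexdigest()

def diff(prev, curr):
    """Every field that differs between two consecutive runs (single-run view)."""
    a, b = normalise(prev), normalise(curr)
    return [(f, a.get(f), b.get(f)) for f in sorted(a.keys() | b.keys())
            if a.get(f) != b.get(f)]

def confirmed_changes(runs, min_runs=2):
    """(field, old, new, first_seen) for values observed in min_runs consecutive runs."""
    confirmed, pending, events = normalise(runs[0]), {}, []
    for snap_ in runs[1:]:
        state = normalise(snap_)
        for field in sorted(confirmed.keys() | state.keys()):
            value = state.get(field)
            if value == confirmed.get(field):
                pending.pop(field, None)  # reverted before it persisted
                continue
            cand, first, count = pending.get(field, (value, snap_["run"], 0))
            if cand != value:  # a different new value restarts the count
                first, count = snap_["run"], 0
            pending[field] = (value, first, count + 1)
            if count + 1 >= min_runs:
                events.append((field, confirmed.get(field), value, first))
                confirmed[field] = value
                del pending[field]
    return events

# Constructed snapshots for a placeholder domain; field names and values are assumptions.
def snap(run, ns, dnssec, dmarc):
    return {"run": run, "state": {"ns": ns, "dnssec": dnssec, "dmarc": dmarc}}

RUNS = [
    snap("run-1", ["ns1.example.net.", "ns2.example.net."], True, "v=DMARC1; p=reject"),
    snap("run-2", ["NS2.example.net.", "ns1.example.net."], False, "v=DMARC1; p=none"),
    snap("run-3", ["ns1.example.net.", "ns2.example.net."], True, "v=DMARC1; p=none"),
]
```

In the sample data the DNSSEC value flips for one run and reverts, so it appears in `diff` but not in `confirmed_changes`, while the reordered name servers produce no change at all.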

Classification

Signal tiers

Signal tiers are interpretive metadata used to describe different kinds of observed change. The canonical human-readable definitions live in the Signals library.

Tier 1

High-signal trust posture change.

Tier 2

Meaningful infrastructure movement.

Tier 3

Routine or low-confidence churn.

Unclassified

Retained evidence not yet explicitly mapped.

Read the canonical signal tier definitions.

Interpretation principles

Cautious by default

Interpretation should be supported by repeated evidence, persistence, volume thresholds or clear context. Single observations are reported without over-claiming.

Evidence summaries, not scores

Counts summarise retained observations. They are not risk scores, ratings, compliance findings or statements about organisational fault.

Public-data-first

.auDO observes public technical state. It does not inspect private systems or infer internal intent from public changes alone.

No compromise claims

Observed changes are not evidence of compromise, breach, incident or non-compliance unless separate evidence explicitly supports that conclusion.

Limits and maturity

The observatory can already surface useful patterns in visible posture and repeated change, but it is still early.

The current priority is improving event quality, reducing classification ambiguity, and building enough longitudinal history to support stronger interpretation over time.

Young but operating · Not full namespace coverage · Not real-time monitoring · Not a vulnerability scanner