.FI

TLD Specifications

 
Country
Registration Time
real-time
Registration period
1-5 years
Renewal period
1-5 years
Allowed character length
2 - 63 characters
Allowed characters
a-z, 0-9, MUST NOT contain two consecutive hyphens in the third and fourth character positions and MUST NOT start or end with a hyphen.
TLD supports
IPv6
DNSsec
IDN
Transfer locks possible
no
Renewal on transfer
no
Transfer time
real-time
Authcode length
8 - 64 characters
Handle updates
yes
Preconfigured DNS
no
Allowed Nameservers
2 - 10
Deletion Timeframe
2 days prior to paid until date
Redemption Period
30 days
 
 

Domain Restrictions

  • Although there are no more restrictions for .fi registrations, the registry still demands several extensions
  • DNSSEC does not support SHA-1
  • The DNSSEC signing algorithm 5 - RSASHA1 (RSA/SHA-1) WILL NO LONGER BE SUPPORTED as of 13 September 2020. .Fi domain names using Algorithm 5 keys will continue to operate normally and Traficom will not remove records currently in use from the .fi root.

    After the change, no new RSA/SHA-1 keys can be added. This means that another permitted algorithm must be used once the current keys are rotated out.

    Why this change is being made:

    The RSA/SHA-1 Algorithm is no longer considered secure.

    At a later time, Algorithm 7 will also be phased out. We therefore recommend to discontinue its use. Once the change has taken effect, the supported DNSSEC signing algorithms are the following:

    • Algorithm 7 - RSASHA1-NSEC3-SHA1

    • Algorithm 8 - RSASHA256 (RSA/SHA-256)

    • Algorithm 10 - RSASHA512 (RSA/SHA-512)

    • Algorithm 13 - ECDSAP256SHA256 (ECDSA Curve P-256 with SHA-256)

    The adoption of Algorithm 15 - Ed25519 is currently being considered and support for it will be available in the future.

Was this article helpful?
0 out of 0 found this helpful