Methodology

A small, independent observatory capturing how visible trust signals behave across a fixed set of .au domains over time.

How .auDO collects, preserves, classifies and publishes public domain-layer observations.

Fixed panel Repeated collection Snapshot preservation Cautious interpretation

Purpose

.auDO exists to preserve public evidence of visible domain-layer trust signals in the .au namespace and make cautious, method-led reporting easier to inspect.

The observatory is young and intentionally modest. It is designed to support disciplined accumulation first, then stronger interpretation only where repeated evidence supports it.

Project overview

For a shorter overview of the observatory, download the .auDO introduction brief. It summarises the project’s purpose, scope and evidence-first reporting posture.

Observation model

The method is deliberately simple: observe the same panel repeatedly, preserve state before interpretation, compare changes, classify observations, and publish stable reports.

Select panel Collect public signals Preserve snapshots Compare changes Classify observations Publish reports

State before interpretation

Public DNS, RDAP, mail, registrar and infrastructure state is retained as evidence before report language is applied.

Repeated evidence over single lookups

A single lookup can show a moment. Repeated collection gives changes and persistence enough context to be interpreted cautiously.

Publishing model

What the method produces

.auDO separates collection, derived summaries, dated reports and explanatory material so readers can move from evidence to context without confusing observations for conclusions.

State pages

Derived public summaries of current posture across DNSSEC, DMARC, registrar, provider and RDAP signal areas.

Reports

Dated report artefacts that preserve observed change and support later review.

Signals

Canonical definitions for observed fields and human-readable signal tiers.

Cohorts

Logical groupings within the curated panel used to describe aggregate signal context.

Explainers

Plain-language context for readers who need to understand why a signal matters.

Observation Panel

A public operational view of panel composition, signal mix and longitudinal context.

Data governance

Data categories and context artefacts

.auDO keeps observation evidence, derived summaries, cohort context and external registry reference data separate. The namespace-panel context JSON is the reusable bridge used by public surfaces.

Shared namespace context is loaded when available. Static methodology notes remain valid without it.

Data categoryRoleInterpretation limit
.auDO observation dataPublic DNS, RDAP, mail, DNSSEC, registrar and provider signals collected from the fixed panel over time.Observation evidence for the panel only. It is not private system evidence or whole-namespace monitoring.
Derived State dataGenerated summaries used by State pages to describe current visible posture across signal families.Panel summaries, not registry-wide measurements, scores or assessments.
Cohort dataCurated groupings of panel domains used to make aggregate observations easier to read.Cohorts are not complete sector coverage and do not support sector-wide findings.
External auDA registry reference dataMonthly registry statistics used to show wider .au namespace scale and suffix context.External reference context only. It is not .auDO observation evidence.
Namespace-panel context dataDerived JSON that combines panel composition with the latest available auDA registry context for public rendering.A presentation context layer. It avoids each page independently joining raw reference and panel data.
-fixed panel domains
-external namespace scale
-registry reference month
-context generated

Namespace-panel limitations load from the shared context JSON when available.

Current scope

.auDO is a small observatory of the .au namespace. It observes how visible domain and DNS trust signals behave over time across a fixed panel of domains.

Provenance

.auDO began as an R&D observatory in February 2026. The current retained reporting baseline begins on 26 March 2026.

Boundaries

It is not full-coverage monitoring, not a real-time console, not a vulnerability scanner, and not a representation of the full namespace.

The build remains intentionally lean: enough structure to observe, preserve, and publish without presenting the system as full-coverage monitoring.

Signal model

Signals collected

.auDO observes public DNS, RDAP, mail posture, DNSSEC, provider inference and provenance signals. These are visible technical signals, not private security findings.

Registration and RDAP

Registrar, RDAP status, domain dates, redaction indicators and related registration metadata where visible.

DNS and mail posture

Name servers, address records, MX records, TXT records, SPF and DMARC presence.

DNSSEC

Visible DNSSEC evidence including DNSSEC state, DNSKEY presence and RDAP-derived DNSSEC indicators.

Provider inference

Visible DNS and email provider patterns inferred from public configuration.

Provenance

Snapshot metadata, raw evidence, source fallback and collection context used to preserve traceability.

Not first-class signals

Hosting provider and ASN context may appear in specific report artefacts where evidence exists, but they are not currently first-class snapshot signal families.

Read the Signals library for canonical definitions and interpretation limits.

Data collection and preservation

AreaCurrent approach
Observation scopeA fixed panel of 100 .au domains selected for sector mix, operational relevance, and signal diversity rather than full namespace coverage.
Collection cadenceScheduled recurring collection designed to support repeatable longitudinal observation rather than one-off lookup results.
State capturePublic state is captured as snapshots so observed posture can be preserved directly before interpretation is applied.
Change detectionMeaningful differences are derived across runs, allowing nameserver, registrar, DNSSEC, mail and related trust-layer changes to be reviewed over time.
Report artifactsReports are generated from stable exported artifacts so analysis remains inspectable, repeatable, and separate from live collection.
Publication modelA lightweight static site publishes method context, daily reports, charts and panel state without pretending to be a real-time monitoring console.

Operating model

Operating infrastructure and independence

.auDO runs on a deliberately lean infrastructure model.

Provider .auDO use Operating boundary
Supabase .auDO uses Supabase as part of its data storage and analysis environment for retained observation data and derived reporting workflows. Supabase does not supply, review, approve or endorse .auDO observations, classifications or reports.
GitHub .auDO uses GitHub for source control, workflow automation, scheduled processing and management of generated artefacts. GitHub does not supply, review, approve or endorse .auDO observations, classifications or reports.
Cloudflare .auDO uses Cloudflare for public site delivery, report and asset delivery, and related storage and edge infrastructure. Cloudflare does not supply, review, approve or endorse .auDO observations, classifications or reports.

Classification

Signal tiers

Signal tiers are interpretive metadata used to describe different kinds of observed change. The canonical human-readable definitions live in the Signals library.

Tier 1

High-signal trust posture change.

Tier 2

Meaningful infrastructure movement.

Tier 3

Routine or low-confidence churn.

Unclassified

Retained evidence not yet explicitly mapped.

Read the canonical signal tier definitions.

Interpretation principles

Cautious by default

Interpretation should be supported by repeated evidence, persistence, volume thresholds or clear context. Single observations are reported without over-claiming.

Evidence summaries, not scores

Counts summarise retained observations. They are not risk scores, ratings, compliance findings or statements about organisational fault.

Public-data-first

.auDO observes public technical state. It does not inspect private systems or infer internal intent from public changes alone.

No compromise claims

Observed changes are not evidence of compromise, breach, incident or non-compliance unless separate evidence explicitly supports that conclusion.

Observation Guide

Use the Observation Guide for a practical walkthrough of how to move from public signal to cautious interpretation.

Limits and maturity

The observatory can already surface useful patterns in visible posture and repeated change, but it is still early.

The current priority is improving event quality, reducing classification ambiguity, and building enough longitudinal history to support stronger interpretation over time.

Young but operating Not full namespace coverage Not real-time monitoring Not a vulnerability scanner

.auDO records public observations. It does not assess internal governance. The Domain Governance Baseline is a separate resource for organisations that want to examine internal ownership, accountability and review.