Score:0

Why can't I activate DNSSEC for domains with a gg ccTLD, despite the fact that there are many domains which have a valid signature?


This is my first question and I hope that I'm in the right community. I bought a gg domain a while ago and wanted, later needed, DNSSEC. After the purchase I encountered the problem that I cannot activate DNSSEC on basically any registrar / their name servers. They state that it is not supported.

Yesterday I looked again and found that there are many gg domains which actually have a valid DNSSEC signature. I don't use the gg domain at the moment, but probably would if I could activate DNSSEC for it.

I didn't really find any useful information for this specific case. Maybe someone can provide me with some. Do you know any particular reason for this?

Thanks in advance!

Score:1

The gg TLD zone itself is signed and there do indeed seem to exist signed child zones as well. All of which indicates that it actually is supported.

The question is not entirely clear about what exactly it is that "isn't supported" by the registrar and/or DNS hosting provider that you are dealing with. So I'm breaking it down into the two cases that I can imagine:

Delegation

If this is about the delegation itself (effectively the ability to add a DS record alongside the delegation NS records in the gg zone), it would seem to indicate a limitation of the specific registrar you are using (even if they themselves possibly phrase it differently).

See for instance this listing here as a counterexample to the "it's not supported for gg" claim.
(I'm sure there must be many other options for registrars that support this; I have no affiliation or interest in your choice of registrar, but wanted to show a concrete counterexample.)

If this is about what is clickable on the registrar site, it could also be that your current registrar just does not have automation in place and can do this manually for you, but if you have been in contact with them and they say it is not supported, I guess that is not so.

DNS signing

If the limitation instead is about the actual DNSSEC signing operation, it's not really about the gg TLD itself, rather about the DNS hosting provider (possibly the same company that is your registrar, but not necessarily so) not providing DNSSEC signing as part of their DNS hosting service.
If so, you could use a different DNS hosting provider also without changing registrars.
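
The two cases in the answer above can be told apart from the DS set in the gg zone and the DNSKEY set served for the domain itself. The following is an added example, not part of the original answer: it takes the text output of `dig +short DS` and `dig +short DNSKEY` and compares only SHA-256 (digest type 2) DS records. The name `example.gg`, the key material and the function names are constructed for illustration.

```python
import base64, hashlib

def dnskey_rdata(line):
    """Wire-format RDATA from one `dig +short DNSKEY` line: flags proto alg base64-key."""
    flags, proto, alg, *key = line.split()
    return int(flags).to_bytes(2, "big") + bytes([int(proto), int(alg)]) + base64.b64decode("".join(key))

def key_tag(rdata):
    """Key tag per RFC 4034 Appendix B (all algorithms except the obsolete algorithm 1)."""
    acc = sum(b << 8 if i % 2 == 0 else b for i, b in enumerate(rdata))
    return (acc + ((acc >> 16) & 0xFFFF)) & 0xFFFF

def ds_for(owner, rdata):
    """DS record (digest type 2, SHA-256) that the parent zone would carry for this DNSKEY."""
    wire = b"".join(bytes([len(lab)]) + lab.encode() for lab in owner.lower().rstrip(".").split(".")) + b"\0"
    return f"{key_tag(rdata)} {rdata[3]} 2 {hashlib.sha256(wire + rdata).hexdigest().upper()}"

def norm_ds(line):
    """Normalise one `dig +short DS` line; dig may split the digest into chunks."""
    f = line.split()
    return f"{int(f[0])} {int(f[1])} {int(f[2])} {''.join(f[3:]).upper()}"

def diagnose(owner, ds_text, dnskey_text):
    """Map the two query results onto the two cases: delegation vs. DNS signing."""
    ds = {norm_ds(ln) for ln in ds_text.splitlines() if ln.strip()}
    keys = [dnskey_rdata(ln) for ln in dnskey_text.splitlines() if ln.strip()]
    if not keys:
        return "broken-delegation" if ds else "not-signed"  # DS without keys fails validation
    if not ds:
        return "signed-no-ds"      # DNS host signs, but no DS was published via the registrar
    if ds & {ds_for(owner, k) for k in keys}:
        return "chain-ok"
    return "ds-mismatch"           # DS present but matches no published key

# Constructed sample data (not real keys): a 64-byte all-zero "public key", algorithm 13.
OWNER = "example.gg"
SAMPLE_DNSKEY = "257 3 13 " + base64.b64encode(bytes(64)).decode()
SAMPLE_DS = ds_for(OWNER, dnskey_rdata(SAMPLE_DNSKEY))

if __name__ == "__main__":
    print(diagnose(OWNER, "", ""))                    # not-signed: the "DNS signing" case
    print(diagnose(OWNER, "", SAMPLE_DNSKEY))         # signed-no-ds: the "Delegation" case
    print(diagnose(OWNER, SAMPLE_DS, SAMPLE_DNSKEY))  # chain-ok
```

A `signed-no-ds` result points at the registrar side, `not-signed` at the DNS hosting provider.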
