Verisign Registry Onboarding Guide

Welcome to the Verisign New gTLD Customer Portal. We are excited to continue building strong relationships with our new gTLD customers as we embark into the next evolution of internet.

Evaluation to Award Highlights

Several of the key tasks and information to consider before award.


ICANN requires Domain Name System Security Extensions (DNSSEC) signing for all new gTLDs. According to Module 5, section 5.2.2 “Applicant must demonstrate support for EDNS (0) in its server infrastructure, the ability to return correct DNSSEC-related resource records such as DNSKEY, RRSIG, and NSEC/NSEC3 for signed zone, and the ability to accept and publish DS resource record from second-level domain administrators.”

Please refer to Verisign’s Service Guide, Exhibit C, Section 2(i) for details on Verisign’s DNSSEC implementation.

DNSSEC Highlights for Verisign –

  • Verisign will sign the New gTLD(s) zone(s) using NSEC3: opt out/sha-256 as may be updated.
  • ICANN does not require individual domain names in the New gTLDs to be signed
  • The ability to sign domain names (accept DS records) will be supported by the Verisign Registry System using the DNSSEC EPP extensions