In the last month, two more countries have joined the ranks of those with country-code Top-Level Domains (ccTLDs) secured with DNSSEC: Gabon (.ga), managed by the Agence Nationale des Infrastructures Numériques et des Fréquences (ANINF), and Georgia (.ge), managed by Caucasus Online. Both domains have signed their zones and published information in the root zone of the DNS, meaning DNSSEC is now fully enabled for their domains.
This follows Burkina Faso (.bf) and Papua New Guinea (.pg) signing their zones earlier this year.
Read: Burkina Faso Secures Top-Level Domain.
“.PG is a ccTLD of Papua New Guinea (PNG). We recorded 67th ccTLD since September 1991. Since then PNG University of Technology (PNGUoT) ICTS Department has been a custodian of Domain and managed .PG domains.
“In October 2022, PNGUoT signed an MOU with the Department of ICT on behalf of the PNG National Government regarding technical partnership and .GOV.PG subdomain names regulated and endorsed by DICT.
“In April 2025, PNGUoT achieved a significant milestone event: signing its DNSSEC and production of the .PG Registry Automated System with Multicast Services. We are also in the process of developing a .PG Domain Portal with a local payment gateway at this moment.
“Next PNGUoT-ICTS targets to organise Registrar’s workshop in the country and do the awareness of .PG for local communities including Schools, NGOs and SMEs.”
Russell Deka Harada, Director of the ICTS department at PNG University of Technology, Manager of .pg ccTLD, and member of PICISOC.
To date, 168 countries have DNSSEC-enabled ccTLDs. Seven other countries (Curaçao, Ethiopia, Iraq, Oman, Somalia, Chad, and British Virgin Islands) have started the process of DNSSEC-enabling their ccTLD by signing the zone. That leaves 73 ccTLDs unsigned. At current deployment rates, it might be another 10 years before we reach 100% coverage of DNSSEC in the ccTLD space.
Click play on the data visualization below to observe the gradual expansion of DNSSEC deployment at ccTLD registries around the globe over the last 15 years. You can also search for individual countries of interest.
Signing the domain and installing security keys in the root zone of the DNS is only a first step to more widespread DNSSEC deployment, but it’s an important one. Incentivising registrants to sign their domains is also key, as is encouraging ISPs to enable DNSSEC validation in the recursive resolvers they provide to their subscribers.
You can continue to observe the steady increase in ccTLD DNSSEC adoption and DNSSEC validation adoption via our Pulse Enabling Technologies page.
Learn more about DNSSEC
Just about every Internet communication starts with a Domain Name System (DNS) lookup. The DNS is an essential piece of Internet infrastructure that translates human-friendly names (internetsociety.org) into computer-friendly numbers (2001:41c8:20::b31a). Like many other components of the Internet, the DNS started out without any security features in a vastly different Internet landscape.
Today, security and trustworthiness are vital foundations for the ongoing evolution and growth of a robust Internet that benefits users everywhere. DNS Security Extensions (DNSSEC) was developed to provide an additional level of security using cryptographic techniques to validate the authenticity of DNS information.