Hello. I registered a free email on nic.us.kg, and wanted to use deSEC. However, when I put the DNS thing on the dashboard and click update, the nameserver blanks remain blank. The FAQ said its because the nameserver isn’t valid, but I used an online check and it said it was. Could someone help me please. Thank you.
1 Like
Hello @Bruce5051 ,
Thanks for responding so quickly. Yeah, I forgot to remove the . It works now. However, when I get to the next step, it tells me to enable DNSSEC. But I don’t see how I can do that on nic.us.kg. It would be greatly appreciated if you can help me with that. Thank you
1 Like
Hi @Hello,
I don’t believe that it fully does DESSEC.
But I got a domain name that functions for getting a Let’s Encrypt certificate via the DNS-01 Challenge.
Edit
I just didn’t do that step.
1 Like
Thank you. So my understanding is, I don’t actually need to do that step? Also, regarding nic.us.kg, how can I actually use my domain? As I get an error when visiting my domain, do I need to host it myself? Thanks @Bruce5051
To get DNSSEC working for your domain you need to do two steps:
- Change the authoritative name servers to deSEC NS (or others that support DNSSEC).
- Set the DS record in the parent zone to complete the chain of trust from the root zone to your domain.
You apparently did step 1.
Step 2 can be more difficult. You don’t normally have direct access to the parent zone. So you need to ask your domain registrar to set this DS record for you. They are already able to set the NS delegation records in the parent zone. So theoretically they should be able to set the DS records as well. Good registrars have a web interface for this. If not you’ll need to open a support ticket and hope for the best.
RFC 7344, RFC 8078 and RFC 9615 may allow this step to be automated in the future, provided the registrar or the parent zone implement this. deSEC already supports this automation.
1 Like
A domain is just a domain. It points names to IPs (slightly simplified). You need to run some service(s) somewhere to get things like a web server or email. Whether you want to host this yourself or use an external hoster depends on many factors. For example the type of service, anticipated traffic, desired uptime, dealing with dynamic IPs in home setups, cost, technical expertise, …
deSEC e.V. is a DNS provider, nothing else. Some registrars offer combinations of domains and web/mail/… services.
1 Like
I didn’t find away with nic.us.kg.
If someone finds out how, I am definitely interested and going to utilize it. 
I took a quick look at what they offer. It seems they give out subdomains of us.kg. for free or donations.
And that implies it’s not possible as the domain us.kg. is not secured by DNSSEC. Unless they plan to change that, DNSSEC is a pipe dream for subdomains of that domain.
1 Like
Thanks @fiwswe for your time and effort!