FAQs
Accounts and Point(s) of Contact (POC)

What is a POC?
A POC serves as a contact on a domain. There are three types: Billing, Technical, and Administrator. 

Can one person serve as multiple POCs on a single domain?
No. All POCs on a domain must be unique to prevent a single point of failure. Each domain will require three (3) distinct POCs before submitting a request for approval or before submitting a renewal payment.

Can one person serve as a POC on multiple domains?
Yes.

One of the POCs is no longer the right person to help manage a domain. We need to remove him/her. How do I do that?
If you are a POC on a domain that is undergoing the request process, you may update the POC with another. However, please ensure that you are selecting an existing user. If you are unable to update a POC with an existing user, please contact the Help Desk.

To change a single POC on the account, the Administrative POC will need to send an email to registrar@dotgov.gov, and request the change of POC. If the new POC already has an account on the system, please provide the Username for the account and which POC the user will replace. If the new POC does not currently have an account, please send the name and contact information to registrar@dotgov.gov so an account can be set up for them. For federal level domains, the email must come from a Government employee.

If all three POCs have left the domain, the Authorizing Authority must assign 3 more POCs in a new authorization letter.

The Guidelines for the Gov Domain section 1, h., states:

It is the registrant’s responsibility to provide all requested information and keep all account information current, to include POC information, DNS information and ensure the account is paid in full each year. Government domains / websites can be very large, complex and support important business operations. The process to address policy violations will allow for coordination across organizational boundaries and involve persons with the authority to make decisions on the appropriate course of action and in the time frame required.  The Administrative POC is the person who controls the content and is the manager of the operations of the domain.  The Technical POC is the person that operates the DNS and takes care of technical operations such as security patches, programming, etc. The Billing POC is the person that pays for the domain. The Authorizing Authority (AA) is the highest IT official or highest elected official that authorizes the domain to operate and contain information reference to their government responsibilities. The AA for Federal Agency domains is the CIO. The AA for State level domains is the Governor or their appointed CIO. The AA for local governments and Native Sovereign Nations is the highest elected official or the highest IT official. 


How do I register a .gov domain?
To register a domain, please review the materials located on the Registration Process tab.

Do I need to enter DNS information when I submit my registration request?
You can add DNS at any time once the domain name request has been submitted. Note: Your domain cannot be activated until you add DNS.

My request was denied. What is the appeal process?
In October 1997, the Federal Networking Council delegated full responsibility for .gov domain registration to the General Services Administration (http://www.gsa.gov/). Please contact the Domain Registration Help Desk with any questions you may have.

Toll-free: (877) REG-GOVT or (877) 734-4688
E-mail: registrar@dotgov.gov 

How long is a .Gov domain registered?
Domains are registered for a 1 year period and are renewed annually.

If a POC for a domain is new, are there any steps that this person needs to take to become the POC?
Yes, a new POC must first request an account by sending an email to the Help Desk at registrar@dotgov.gov. For a new domain request, the authorization letter must list the POC as a valid contact. Please go to Home < Forms for this authorization letter template.

What are the valid characters for a domain name and how long can it be?
A domain name may be up to 26 characters long, including the 4 characters used to identify the top-level domain (e.g., .gov). The only valid characters for a domain name are letters, numbers and a hyphen. Other characters, including a space, are not permitted. Domain names may not begin or end with a hyphen.

What are the requirements for the Points of Contact (POCs) assigned to domain names?
The Admin POC must be from the signatory's office. For example, the Admin POC for a new state domain name must be in the governor's office. The Technical POC must be available 24/7 if this .Gov domain name is critical to your infrastructure. The Billing POC must have access to a credit card and be able to pay registration fees. 

One of the POCs is no longer the right person to help manage a domain. We need to remove him/her. How do I do that?
If you are a POC on a domain that is undergoing the request process, you may update the POC with another. However, please ensure that you are selecting an existing user. If your POC is new, that individual must be provisioned into the system beforehand by selecting Account on the login page (www.dotgov.gov). Please review the corresponding FAQ section for more details.

If you are unable to update a POC with an existing user, please contact the Help Desk.

Our CIO won't sign our authorization letter. What do we do now?
Without an Authorization Letter from your Mayor or the highest ranking city or county official, the State Governor, the State CIO, or the Federal CIO of your Federal agency, you cannot register for a .gov domain name.

Who is the Indian Affairs CIO representative?
Bureau of Indian Affairs
Office of Information Development
Attn: Angel Goldtooth, Imelda Tapang,

12220 Sunrise Valley Drive Rm 5110
Reston, VA 20191
Angel.Goldtooth@bia.gov
Tel: 505-563-5457

Imelda.Tapang@bia.gov
Tel: 703-390-6696 

Are states eligible to receive a .gov domain?
Yes, states are eligible to receive a .gov domain name if the authorization letter is signed by the Governor or State CIO.

Where do I send my Authorization Letter?
Fax your letter to: (540) 301-0160
or
Email a digital copy to registrar@dotgov.gov


How do I reset my password?
If you do not recall your password, please contact the Help Desk and a temporary password will be generated for you. You will be prompted to change your password as a security measure.

How quickly will modifications to my domain propagate throughout the Internet?
Propagation depends on a variety of factors, such as caching and connectivity. The changes are usually effective by the next morning.

What are the steps that should be taken to remove a domain and delete it from the .gov system?
Only a registered POC on a domain may request deletion of a domain by sending an email to the .GOV Registrar at registrar@dotgov.gov. In addition to requesting the domain to be deleted, the domain owner should request the resource records for that domain to be removed from the zone file on the nameservers hosting the domain.

Why won't my domain work after updating the registration with actual name servers?
Adding name servers to a reserved domain does not change its status from reserved to active if other requirements are pending. You are permitted to reserve a domain for up to 90 days, giving you time to submit all of the required registration information.

If the name server information is the only remaining information required for registration, it will take approximately 1 to 2 days following receipt of valid name server data for .gov Domain Registration Services to activate your domain. Expect an additional 1 to 2 days for the update to propagate across the Internet.

Where can I get a list of domains that are up for renewal?
From the Home Tab click on Fees.

How do I transfer ownership of a domain name from one organization to another organization (such as from one agency to another agency)?
To transfer ownership of a domain name from one agency to another agency, two letters must be submitted to the .Gov Domain Manager - one from the transferring agency and one from the accepting agency.

The letter from the transferring agency must be on official agency letterhead and signed by the transferring agency chief information officer (CIO). The letter should formally request that the domain name be transferred to the new agency and should include the following information:

  • Both agency names (transferring agency and accepting agency)
  • Domain name to be transferred
  • Current POC(s) and phone number(s) (for the transferring agency)
  • New POC(s) and phone number(s) (for the accepting agency).

The letter from the accepting agency must be on official agency letterhead and must be signed by the accepting agency CIO. 

This letter must specify the request for ownership of the domain name and should include the following information:

  • Both agency names (transferring agency and accepting agency)
  • Domain name to be transferred
  • Current POC(s) and phone number(s) (for the transferring agency)
  • New POC(s) and phone number(s) (for the accepting agency) and
  • New domain name server (DNS) information.

Request letters should be faxed to the attention of the .Gov Domain Manager, at (540) 301-0160 or email a digital copy to registrar@dotgov.gov. After the .Gov Domain Manager has received and verified both letters, the .Gov Domain Registration database will be updated to reflect the transfer.


What are current registration fees?
The current cost of a .gov domain name is $400 per year.

How often do I need to renew my domain name?

Domain name(s) must be renewed annually. POCs are sent renewal reminder emails at various intervals. Please note that if your domain names are not kept current, they will be removed from active status. If any of your .Gov domain name(s) are removed from active status, any services attached to such domain name(s) may experience issues.

What is the form of payment for .gov domain names?
The only form of payment that is accepted is credit cards. We do not accept any other form of payment.

What happens if I do not renew my domain name?
If a renewal payment is not submitted, domain name(s) do not automatically get removed from the zone. If you do not wish to renew, a registered POC must submit written consent requesting removal of the domain; otherwise, the agency will be held financially responsible for registration fees under Final Rule - 41 CFR Part 102-173.35 and Final Rule - 41 CFR Part 102-173.40. Written consent can be emailed to the Help Desk at registrar@dotgov.gov.

What happens if I fail to submit a payment?
Failure to submit payment does not result in removal of your domain. The entity or agency will be held financially responsible for all accrued registration fees under Final Rule - 41 CFR Part 102-173.35 and Final Rule - 41 CFR Part 102-173.40. Your entity or agency will not be able to acquire new domains until your account is up to date.  If you wish to delete your domain, a registered POC must submit written consent requesting deletion to the Help Desk at registrar@dotgov.gov.
 


Why can I not access systems within my domain, but people outside can?
To speed up the entire DNS process, name servers will temporarily store IP addresses that they have found. This means that if someone in the office next to you visits www.dotgov.gov and then you visit the site shortly afterwards, you receive the IP address from the local, temporary storage rather than through the root servers. If you or your ISP's local name server is not "expiring" this temporary storage (called a cache), you could be getting incorrect IP addresses while people connected through different ISPs are getting the correct information. Please contact your ISP or local technical support for assistance.

Where do I look for the authoritative .gov zone data?
The root servers (e.g., a.root-server.net - j.root-server.net) are the authoritative source of .gov information that is "live" on the Internet.
 

What are the hours of operations for the Registration Help Desk?
The Registration Help Desk is open on U.S. government working days from 9 a.m. to 5 p.m. Eastern and 24/7 for emergencies.


What is the Cloud Signing Service?
The Cloud Signing Service eliminates many of the administrative burdens of the technical DNSSEC signing and management process. The service performs the initial cryptographic signing, the regular re-signing of zone resource records and the ongoing management of key rollover schedules and the associated zone re-signing.

Please note that this service will no longer be offered as of September 30, 2017.



Domain HTTP Strict Transport Security (HSTS) Automatic Preloading
What is HTTPS and why is it important?
HTTPS is a protocol that gives users a level of security and privacy when connecting to websites and web services.

The internet’s fundamental design means that both visitors and website owners have very little control over where communications will travel, or whose devices will carry that communication. To ensure secure communication across the internet, traffic must be encrypted all the way from visitors’ devices to the website owners’ devices -- and that’s exactly what HTTPS does. Without HTTPS, hostile networks can inject malware or tracking beacons, or otherwise monitor or change visitor interactions online.

Without HTTPS, website visitors have no guarantees about what happens as they browse the web. Without HTTPS, a visitor’s communication with a website can be modified or monitored by anyone or anything “between” them and the website they’re visiting. The attacker could be someone using that coffee shop WiFi (or the coffee shop itself), or it could be someone who’s hacked an old, out-of-date load balancer which website traffic is flowing through on its way around the internet. 

What is HSTS/HTTPS preloading?
Today, web browsers allow websites to be “preloaded” as HSTS-only. This means that web browsers will always use HTTPS to connect with those websites. For example, “whitehouse.gov” has been preloaded into all major web browsers. If you type “whitehouse.gov” into your browser and hit “Enter,” or click on a link without https in the protocol, your browser knows to connect to https://whitehouse.gov instead of http://whitehouse.gov, even though you didn’t specifically tell it to. The same thing happens if you go to a subdomain of whitehouse.gov, like petitions.whitehouse.gov. 

By preloading “whitehouse.gov”, the White House has ensured that browsers will always make secure HTTPS connections to all of its websites.

Will automatic preloading affect all .Gov domains?
No. ALL the following criteria must be met for domains (and associated websites) to be affected:

  • The .Gov domain belongs to an agency of the Federal Government’s Executive branch; AND
  • The .Gov domain was registered for the first time on a date after May 15, 2017; AND
  • The .Gov domain is on the preload list.

Will automatic preloading affect non-Executive branch federal domains and websites?
No. If a .gov domain belongs to the federal government’s Legislative or Judicial branches, it will not be affected by HTTPS preloading.

Will automatic preloading affect state or local government, or Native tribe domains and websites?
No. If a .Gov domain belongs to a native tribe, a state, or a local government entity, it will not be affected by HTTPS preloading.

Will automatic preloading affect existing (registered BEFORE May 15, 2017) Executive branch federal .gov domains and websites?
No. If a .Gov domain was registered before May 15, 2017, it will not be affected by the HTTPS preloading. 

Note: It’s possible for any .Gov domain owner to preload their own domain. Some domains not meeting the above criteria have been preloaded through the domain owner’s direct action, and could be affected. This service only applies to identifying domains preloaded through the DotGov Program team’s action, rather than the domain owner’s action.

See below to learn how to verify whether a domain has been preloaded.

How will HSTS preloading affect .Gov domain visitors?

If a .Gov domain is affected and preloaded, any websites hosted on that domain or any of its subdomains will be affected in the following two ways:

  1. Supporting web browsers will automatically redirect HTTP requests to the HTTPS version of the same URL, for any URL on that domain or its subdomains.
    • To illustrate, if “example.gov” is preloaded, then attempting to visit http://example.gov/about/ will redirect the user to https://example.gov/about/.
    • Similarly, attempting to visit http://history.example.gov/faq/ will redirect the user to https://history.example.gov/faq/.
    • This will happen no matter how the domain owner has configured their web server. In fact, this will happen even if the domain owner has no web server configured at all.
  2. Supporting web browsers will NOT allow website visitors to click through any certificate warnings a user might encounter on a website on the affected .Gov domain or any of its subdomains. This means that affected domain owners must treat a certificate configuration issue as equivalent to downtime. Visitors cannot be asked to click through certificate warnings to use the website.

How can I verify whether a .Gov domain is preloaded?
To verify whether a domain is being affected by HSTS preloading:

  1. Check Chrome’s HSTS Preload list form at https://hstspreload.org. Enter the domain and click “Check status and eligibility.” For example, if you enter “whitehouse.gov” you’ll get a message saying “Status: whitehouse.gov is currently preloaded.”
  2. View the Chrome source code at https://chromium.googlesource.com/chromium/src/net/+/refs/heads/master/http/transport_security_state_static.json. This is a large file and is in JSON form, but is the authoritative source of whether the domain is preloaded in Chrome. Other browsers pull from this list as well, so it should be valid for browsers other than just Chrome.
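
The lookup a browser performs against the preload list, and the HTTP-to-HTTPS upgrade described above, written out as an added example (not code from this page or from the DotGov Program). It assumes the list's layout is an "entries" array with "name", "mode" and "include_subdomains" fields plus full-line // comments; the sample list is constructed, not the real one.

```python
import json
import re
from urllib.parse import urlsplit, urlunsplit

# Constructed sample shaped like transport_security_state_static.json
# (field names are an assumption about that file's layout).
SAMPLE_PRELOAD_JSON = """
// constructed sample, not the real list
{
  "entries": [
    // covers example.gov and every subdomain
    { "name": "example.gov", "mode": "force-https", "include_subdomains": true },
    // covers only this exact host
    { "name": "portal.agency.gov", "mode": "force-https" },
    // listed without an HSTS mode, so it forces nothing
    { "name": "nomode.gov", "include_subdomains": true }
  ]
}
"""


def load_entries(text):
    """Parse the list: drop full-line // comments, then index entries by name."""
    stripped = re.sub(r"^\s*//.*$", "", text, flags=re.MULTILINE)
    return {e["name"].lower(): e for e in json.loads(stripped)["entries"]}


def preload_match(host, entries):
    """Return the entry name that forces HTTPS for host, or None."""
    labels = host.lower().rstrip(".").split(".")
    # Try the host itself, then each parent domain in turn.
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        entry = entries.get(candidate)
        if entry is None or entry.get("mode") != "force-https":
            continue
        # A parent entry only applies when it includes subdomains.
        if i == 0 or entry.get("include_subdomains", False):
            return candidate
    return None


def upgrade_url(url, entries):
    """Rewrite an http:// URL to https:// when its host is preloaded."""
    parts = urlsplit(url)
    host = parts.hostname
    if parts.scheme != "http" or not host or not preload_match(host, entries):
        return url
    # An explicit :80 is dropped; any other explicit port is kept.
    netloc = host if parts.port in (None, 80) else f"{host}:{parts.port}"
    return urlunsplit(("https", netloc, parts.path, parts.query, parts.fragment))


if __name__ == "__main__":
    entries = load_entries(SAMPLE_PRELOAD_JSON)
    for u in ("http://example.gov/about/", "http://history.example.gov/faq/",
              "http://sub.portal.agency.gov/", "http://nomode.gov/"):
        print(u, "->", upgrade_url(u, entries))
```
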

How should I address web certificate issues that could prevent visitors from viewing web content?

If visitors experience certificate issues on a website the agency intends for public use, and that domain is affected by preloading, then the federal agency must take action to fix the issue. Visitors will not be able to “click through” the certificate warning.

Common certificate issues include:

  • The certificate has “expired.” Certificates are valid for a certain length of time from issuance, and once they expire they will no longer be trusted by web browsers.
    • Solution: Renew and redeploy the certificate.
  • The certificate is served with an incomplete certificate chain. This issue can be difficult for non-technical visitors to diagnose, and may appear to affected visitors as if the certificate is not issued by a trusted authority (Note: only some visitors may be affected -- for example, this commonly affects mobile visitors but not desktop visitors).
  • The certificate is not valid for the given domain name. Certificates are only valid for the exact specific domain name shown in the URL bar.
    • Solution: The agency must issue a new certificate valid for that domain name, or reissue an existing certificate to add the domain name to its list of valid domain names. Examples of this include:
      • A certificate valid for “example.gov” will not work for https://history.example.gov.
      • A certificate valid for “example.gov” will not work for https://www.example.gov.
      • A certificate valid for “www.example.gov” will not work for https://example.gov.
      • A certificate valid for “*.example.gov” will not work for https://example.gov. (This certificate will be valid for https://www.example.gov).
  • The certificate is not issued by a trusted authority. Visitors use browsers and operating systems that only trust a certain set of “certificate authorities,” and many visitors from the general public use browsers and operating systems that do not trust government-issued certificates. For websites that serve a public audience, agencies must use commercially issued certificates.
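
The name-matching rule behind the examples above, as an added example (not code from this page): it checks which hostnames a certificate's names cover, so gaps can be found before visitors hit a warning they cannot click through. The function names and the sample host list are constructed, and the matcher is a simplified form of the rule browsers apply (a wildcard stands for exactly one leftmost label).

```python
def name_matches(host, pattern):
    """True if a certificate name (exact or wildcard) covers host."""
    host_labels = host.lower().rstrip(".").split(".")
    pat_labels = pattern.lower().rstrip(".").split(".")
    # A certificate name never covers a host with a different label count:
    # "example.gov" does not cover "www.example.gov", and
    # "*.example.gov" does not cover "example.gov".
    if len(host_labels) != len(pat_labels):
        return False
    if pat_labels[0] == "*":
        # The wildcard replaces one whole leftmost label only. Simplification:
        # require at least two labels after it, so "*.gov" matches nothing.
        return len(pat_labels) > 2 and host_labels[1:] == pat_labels[1:]
    return host_labels == pat_labels


def covering_name(host, cert_names):
    """Return the first certificate name that covers host, or None."""
    for name in cert_names:
        if name_matches(host, name):
            return name
    return None


def uncovered_hosts(served_hosts, cert_names):
    """List the hostnames a site serves that the certificate does not cover."""
    return [h for h in served_hosts if covering_name(h, cert_names) is None]


# Constructed inventory: hostnames an agency serves under a preloaded domain,
# and the names on the certificate it deploys.
SERVED_HOSTS = [
    "example.gov",
    "www.example.gov",
    "history.example.gov",
    "api.history.example.gov",
]
CERT_NAMES = ["example.gov", "*.example.gov"]

if __name__ == "__main__":
    for host in SERVED_HOSTS:
        print(host, "->", covering_name(host, CERT_NAMES) or "NOT COVERED")
```
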

Where can I obtain a web certificate for my .Gov website?
To obtain new certificates, agencies should make use of any publicly trusted certificate authority. In general, these are commercial or non-profit entities, as the U.S. government does not operate a certificate authority trusted by all modern browsers.

GSA encourages .Gov domain owners to obtain low cost or free certificates. More expensive certificates generally do not offer more security value to service owners, and automatic deployment of free certificates can significantly improve service owners’ security posture.

For more information, see: https://https.cio.gov/certificates/