Which of the following is NOT a step to configure DNSSEC on GCP?

Choosing a DNS resolver that does not validate signatures is indeed not a step to configure DNSSEC on Google Cloud Platform (GCP). DNSSEC, or Domain Name System Security Extensions, is designed to add a layer of security to the DNS protocol by allowing resolvers to validate the authenticity of DNS responses using signatures. To properly utilize DNSSEC, you want to ensure that you are using a DNS resolver that does validate these signatures.

Using the DNSSEC capabilities effectively involves ensuring that the DNS resolution process can confirm the integrity of the responses it receives. If a resolver does not validate signatures, it defeats the purpose of having DNSSEC enabled, as it would not be verifying whether the responses are legitimate or potentially forged.

The other options relate directly to meaningful steps required to properly implement and enable DNSSEC. This includes using parameters like --dnssec-state on when creating DNS resources to signal that DNSSEC should be active, activating DNSSEC at the domain registrar to ensure that the upper-level domain is also configured for security, and configuring the DNS zone appropriately to include the necessary DNSSEC records. All these actions are essential in setting up DNSSEC properly, contributing to the overall security of the DNS infrastructure.