Add DNSSEC support to the DNS manager
This would mean that you would allow us to upload our DNSSEC keys in the manager, so that your name servers can sign their responses, and prove authenticity of their responses.
-
Guest
- Sep 11 2018
- Future consideration
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- +814
Related ideas
++++1
Attachments Open full size
You've been industry first in many, why laggard in this?????? Hard to understand.
Attachments Open full size
Still waiting years later...
Attachments Open full size
+1
Attachments Open full size
+1
Attachments Open full size
+1
Attachments Open full size
Please add dnssec feature. :)
Attachments Open full size
can we get this feature soon? we really need dnssec feature in your domain manager DO.
Attachments Open full size
Yes ++ I setup my own DNS server with my droplet so I could use DNSSec which worked brilliantly with my test .com but failed miserably when I rolled it out with my country's TLD as they must be more strict and wouldn't let me fudge two name servers resolving to the same IP. I was oh so close <<shakes fist>>
Attachments Open full size
Come on DO, this has been requested for at least the last 6 years. This is no longer something nice to have, but something that is essential.
Attachments Open full size
Similar to full support of SSL/TLS on customer-facing services, DNSSEC provides chain-of-trust to DNS resolvers. We're also facing legal requirement of DNSSEC in governmental projects currently.
Lack of DNSSEC is also valid report in BugBounty, if your service (hosted on DO) has a bugbounty program.
And lastly, requiring domain to be hosted with DO for Let's Encrypt certificates in other services, eg. Spaces or LoadBalancer, should not lower the domain security by stripping the DNSSEC (which currently almost all domain registrars in EU support), that is in my opinion plain wrong.
Attachments Open full size
+1
Attachments Open full size
+1
Attachments Open full size
+1
Attachments Open full size
+1
Attachments Open full size
+1
Attachments Open full size
+1 please it is needed for hosting a mail server
Attachments Open full size
This really needs to be implemented, given the increasing number and sophistication of attacks on legitimate websites. Phishing can be taken to a whole new level if a MITM can inject him/herself into the DNS query and redirect an unsuspecting (or even a very careful) user to a malicious site with the correct domain name. How do we know that a site really is who it says it is anymore without DNSSEC?
Attachments Open full size
I'd also like this feature. I only run a hobby project on DO, so my use case is more familiarization and exploring this.
However, it's one of the things that https://sikkerpånettet.dk checks which is a project by several Danish organizations, including E-mærket which is a certification label that Danish webshops can apply for. So for businesses, it'd be very attractive to offer this.
You already offer CAA records, which is another security feature. Please consider increasing DNS further with DNSSEC.
Attachments Open full size
Please add this to DNS Manager
Attachments Open full size