This would mean that you would allow us to upload our DNSSEC keys in the manager, so that your name servers can sign their responses, and prove authenticity of their responses.
Yes ++ I setup my own DNS server with my droplet so I could use DNSSec which worked brilliantly with my test .com but failed miserably when I rolled it out with my country's TLD as they must be more strict and wouldn't let me fudge two name servers resolving to the same IP. I was oh so close <<shakes fist>>
Similar to full support of SSL/TLS on customer-facing services, DNSSEC provides chain-of-trust to DNS resolvers. We're also facing legal requirement of DNSSEC in governmental projects currently.
Lack of DNSSEC is also valid report in BugBounty, if your service (hosted on DO) has a bugbounty program.
And lastly, requiring domain to be hosted with DO for Let's Encrypt certificates in other services, eg. Spaces or LoadBalancer, should not lower the domain security by stripping the DNSSEC (which currently almost all domain registrars in EU support), that is in my opinion plain wrong.
This really needs to be implemented, given the increasing number and sophistication of attacks on legitimate websites. Phishing can be taken to a whole new level if a MITM can inject him/herself into the DNS query and redirect an unsuspecting (or even a very careful) user to a malicious site with the correct domain name. How do we know that a site really is who it says it is anymore without DNSSEC?
I'd also like this feature. I only run a hobby project on DO, so my use case is more familiarization and exploring this.
However, it's one of the things that https://sikkerpånettet.dk checks which is a project by several Danish organizations, including E-mærket which is a certification label that Danish webshops can apply for. So for businesses, it'd be very attractive to offer this.
You already offer CAA records, which is another security feature. Please consider increasing DNS further with DNSSEC.
Yes ++ I setup my own DNS server with my droplet so I could use DNSSec which worked brilliantly with my test .com but failed miserably when I rolled it out with my country's TLD as they must be more strict and wouldn't let me fudge two name servers resolving to the same IP. I was oh so close <<shakes fist>>
Attachments Open full size
Come on DO, this has been requested for at least the last 6 years. This is no longer something nice to have, but something that is essential.
Attachments Open full size
Similar to full support of SSL/TLS on customer-facing services, DNSSEC provides chain-of-trust to DNS resolvers. We're also facing legal requirement of DNSSEC in governmental projects currently.
Lack of DNSSEC is also valid report in BugBounty, if your service (hosted on DO) has a bugbounty program.
And lastly, requiring domain to be hosted with DO for Let's Encrypt certificates in other services, eg. Spaces or LoadBalancer, should not lower the domain security by stripping the DNSSEC (which currently almost all domain registrars in EU support), that is in my opinion plain wrong.
Attachments Open full size
+1
Attachments Open full size
+1
Attachments Open full size
+1
Attachments Open full size
+1
Attachments Open full size
+1
Attachments Open full size
+1 please it is needed for hosting a mail server
Attachments Open full size
This really needs to be implemented, given the increasing number and sophistication of attacks on legitimate websites. Phishing can be taken to a whole new level if a MITM can inject him/herself into the DNS query and redirect an unsuspecting (or even a very careful) user to a malicious site with the correct domain name. How do we know that a site really is who it says it is anymore without DNSSEC?
Attachments Open full size
I'd also like this feature. I only run a hobby project on DO, so my use case is more familiarization and exploring this.
However, it's one of the things that https://sikkerpånettet.dk checks which is a project by several Danish organizations, including E-mærket which is a certification label that Danish webshops can apply for. So for businesses, it'd be very attractive to offer this.
You already offer CAA records, which is another security feature. Please consider increasing DNS further with DNSSEC.
Attachments Open full size
Please add this to DNS Manager
Attachments Open full size
This is becoming a legal requirement in EMEA and is a deal breaker.
Attachments Open full size
This is now a legal requirement in Denmark and probably most of EU. Unable to have this makes DigitalOcean useless for businesses.
Attachments Open full size
+1 get it done soon :)
Attachments Open full size
+1
Attachments Open full size
+1500. Please fix, this has been in a queue since 2015 (at least). What is the holdup?
Attachments Open full size
We need this!
Attachments Open full size
Why is DigitalOcean silent on this issue? We've been asking for years.
Attachments Open full size
This one is very very important to grant security to our users
Attachments Open full size