DigitalOcean home
  • Droplets
  • Spaces
  • Kubernetes
  • Tools & Integrations
  • One-click Apps
  • API Documentation
  • Community
  • Tutorials
  • Q&A
  • Projects
  • Meetups
  • Customers
  • Pricing
  • Docs
  • Support
  • DigitalOcean home
  • Products
    • Droplets

      Scalable compute services.

    • Spaces

      Simple object storage.

    • Kubernetes

      Run managed Kubernetes clusters.

    • Tools & Integrations

      Automate your infrastructure.

    • One-click Apps

      Deploy pre-built applications.

    • API Documentation
  • Customers
  • Community
    • Community Overview

      Connect, share and learn

    • Tutorials

      DevOps and development guides

    • Questions & Answers

      Development and systems Q&A

    • Projects

      Community-built integrations

    Get Involved
    Write for DOnations
    Join us at a Meetup
    Featured Post
    An Introduction to Kubernetes

    by Justin Ellingwood

  • Pricing
  • Docs
  • Support
    • Documentation

    • Contact Support

    • Network Status

  • Home /
  • DO-I-2481 /
  • New idea
895 Vote

Add DNSSEC support to the DNS manager

This would mean that you would allow us to upload our DNSSEC keys in the manager, so that your name servers can sign their responses, and prove authenticity of their responses.

  • Will
  • Sep 11 2018
  • Future consideration
DNS
  • Comments (177)
  • Votes (895)
  • Attach files
  • Ryan McGinn commented
    24 Feb 06:05am

    Yes ++ I setup my own DNS server with my droplet so I could use DNSSec which worked brilliantly with my test .com but failed miserably when I rolled it out with my country's TLD as they must be more strict and wouldn't let me fudge two name servers resolving to the same IP. I was oh so close <<shakes fist>>

    ×

    Attachments Open full size

  • Memescape commented
    22 Feb 02:15pm

    Come on DO, this has been requested for at least the last 6 years. This is no longer something nice to have, but something that is essential.

    ×

    Attachments Open full size

  • Marek Sebera commented
    20 Jan 04:07pm

    Similar to full support of SSL/TLS on customer-facing services, DNSSEC provides chain-of-trust to DNS resolvers. We're also facing legal requirement of DNSSEC in governmental projects currently.

    Lack of DNSSEC is also valid report in BugBounty, if your service (hosted on DO) has a bugbounty program.

    And lastly, requiring domain to be hosted with DO for Let's Encrypt certificates in other services, eg. Spaces or LoadBalancer, should not lower the domain security by stripping the DNSSEC (which currently almost all domain registrars in EU support), that is in my opinion plain wrong.

    ×

    Attachments Open full size

  • Zeev Rotshtein commented
    12 Jan 06:21pm

    +1

    ×

    Attachments Open full size

  • Zeev Rotshtein commented
    10 Jan 07:44pm

    +1

    ×

    Attachments Open full size

  • David M commented
    16 Dec, 2020 01:27pm

    +1

    ×

    Attachments Open full size

  • Tomas Debnar commented
    11 Dec, 2020 02:19pm

    +1

    ×

    Attachments Open full size

  • Amine Saidane commented
    9 Dec, 2020 04:17pm

    +1

    ×

    Attachments Open full size

  • Paul Cottet commented
    26 Nov, 2020 01:44am

    +1 please it is needed for hosting a mail server

    ×

    Attachments Open full size

  • Tyler Rodick commented
    14 Nov, 2020 09:34pm

    This really needs to be implemented, given the increasing number and sophistication of attacks on legitimate websites. Phishing can be taken to a whole new level if a MITM can inject him/herself into the DNS query and redirect an unsuspecting (or even a very careful) user to a malicious site with the correct domain name. How do we know that a site really is who it says it is anymore without DNSSEC?

    ×

    Attachments Open full size

  • Mads Jensen commented
    12 Nov, 2020 04:38pm

    I'd also like this feature. I only run a hobby project on DO, so my use case is more familiarization and exploring this.

    However, it's one of the things that https://sikkerpånettet.dk checks which is a project by several Danish organizations, including E-mærket which is a certification label that Danish webshops can apply for. So for businesses, it'd be very attractive to offer this.

    You already offer CAA records, which is another security feature. Please consider increasing DNS further with DNSSEC.

    ×

    Attachments Open full size

  • Ricardo Cruz commented
    30 Oct, 2020 06:23am

    Please add this to DNS Manager

    ×

    Attachments Open full size

  • Dave D commented
    29 Oct, 2020 10:35pm

    This is becoming a legal requirement in EMEA and is a deal breaker.

    ×

    Attachments Open full size

  • Emil commented
    27 Oct, 2020 08:36pm

    This is now a legal requirement in Denmark and probably most of EU. Unable to have this makes DigitalOcean useless for businesses.

    ×

    Attachments Open full size

  • J Knudsen commented
    26 Oct, 2020 12:51pm

    +1 get it done soon :)

    ×

    Attachments Open full size

  • Jon VonSeggen commented
    24 Oct, 2020 12:46am

    +1

    ×

    Attachments Open full size

  • Hilmar Hallbjörnsson commented
    11 Oct, 2020 09:30am

    +1500. Please fix, this has been in a queue since 2015 (at least). What is the holdup?

    ×

    Attachments Open full size

  • Patrick Rossel commented
    9 Oct, 2020 12:27pm

    We need this!

    ×

    Attachments Open full size

  • Sam commented
    20 Sep, 2020 09:19pm

    Why is DigitalOcean silent on this issue? We've been asking for years.

    ×

    Attachments Open full size

  • Gabriel Diaz Arias commented
    16 Sep, 2020 10:56pm

    This one is very very important to grant security to our users

    ×

    Attachments Open full size

  • Load older comments
  • +795
Log in / Sign up

Identify yourself with your email address

Subscribe

You won't be notified about changes to this idea.

Related ideas

DigitalOcean home

© 2018 DigitalOcean, LLC. All rights reserved.
Proudly made in NY

  • Twitter
  • Facebook
  • Instagram
  • YouTube
  • LinkedIn
  • Glassdoor
Company
About
Leadership
Blog
Careers
Partner Network
Referral Program
Events
Press
Legal & Security
Products
Droplets
Spaces
Kubernetes
Tools & Integrations
One-click Apps
API
Pricing
Documentation
Release Notes
Community
Tutorials
Meetups
Q&A
Write for DOnations
Droplets for Demos
Hatch
Shop Swag
Research Program
Currents Research
Open Source
Support
Contact Support
FAQ
Network Status