Scalable compute services.
Simple object storage.
Run managed Kubernetes clusters.
Tools & Integrations
Automate your infrastructure.
Deploy pre-built applications.
Connect, share and learn
DevOps and development guides
Questions & Answers
Development and systems Q&A
by Justin Ellingwood
This would mean that you would allow us to upload our DNSSEC keys in the manager, so that your name servers can sign their responses, and prove authenticity of their responses.
Any news about when the service will be available?
Come on, we need the feature!
I too would like this.
Another vote for this.
Please, add it soon! We need it.
We are begging you!
This is a must-have feature. While I love DigitalOcean, I would really love to see DO support DNSSec.
I can't wait to use it.
Any date on this?
Please add this feature soon.
Really need it!!!
Really need it
Need it ? !
DNSSEC FTW 🚀
... Come on guys, just do it.
Have been so impressed by the DO droplets, would really love to have that with DNS but as DNSSEC isn't available, it means that DO's domain features are kind of useless if you have any serious thought about protecting your domains.
They even tweeted this a year ago and still haven't moved on it...
A response from the DO team would be appreciated.
It should be added it's 2018 and every other dns provider has it supported.
This idea request has been open for 5 years with no movement?
It's a downer that we don't have ability to use DNSSEC with DigitalOcean in 2018. Definitely something we're looking forward to in near future, don't disappoint us :=)
+1, please add DNSSEC!
How many votes are needed to move this into In Progress?
Please add DNSSEC to your servers
Please add. Will be most useful.
+100. Please add this. We'll be moving servers otherwise.
Please add this feature.
Please add DNSSEC to your servers!
We seriously need DNSSEC. Digital Ocean, do something.
The time has come to become a full service hosting provider!
Please just add DNSSEC to your servers
Why is this not done yet?
how can this not exist yet?
we still waiting
we still waiting! common
Come on DO lets make this happen
We are in 2018 and still nothing? Come on DigitalOcean!!
Please add it soon
yea do it
Given the world of privacy/security we live in now, this only makes sense to offer.
It would be very helpful if this functionality was added.
Please, add this to functionality
It's been 5 years. It's nearly 2018 guys. Time to resolve this technical debt.
Please implement this ASAP. This has been "Gathering Feedback" for 3 years now. My organization needs this to protect our DNS. Please!!!
I concur, this needs to be added ASAP for those who want a full security setup for their websites.
Most valuable thing to get done, IMO
Can't see the reason not to
has to be done
+1 yes, please add DNSSEC support! This is a very useful security feature
+1, I believe it is a crucial feature and may have reconsidered choosing Digital Ocean had I known this beforehand.
Yes, please add this. Some of us want to decentralize our data, but security needs to be a top priority.
+1. I am in a position where I have to choose between DO’s DNS for PTR records, and gcloud’s beta implementation of DNSSEC.
Gathering feedback from three years ago??? C'mon guys - get it sorted for us ...
I was planning on moving to Digital Ocean DNS, but then I found out there is no DNSSEC there...
Any update from DO?
+1, would be really helpful
+1. Yes, this will be a good security feature to have.
+1 Would love this feature!
i am surprised dig.ocean doesn't have this.
I support this. I'd love for my server to be further secured against unencrypted DNS attacks.
I'm suggesting to improve DO DNS system by adding the DNSSEC support.
DNSSEC protocols is designed to add security to the DNS to protect it from certain attacks, such as any data modification attack (e.g. cache poisoning). It's a set of extensions to DNS, which provide origin authentication of DNS data, data integrity and authenticated denial of existence.
Yes please! +1
Reverse delegation is not secure by DNSSEC. I believe. We can't choose our own nameservers for reverse delegation.
Please add this. It's so important!!
I need this feature please!
We require dnsec and I'm shocked digital ocean don't support it
I need this feature please!
Would love to see DigitalOcean advancing in this area.
CloudFlare provides full DNSSEC support in their API since Nov 2015.
Implementation of this feature in DO API would be very helpful to many DO customers
(seems as not so big effort due to DigitalOcean DNS manager API wrapping CloudFlare API).
Thank you for your time and cooperation in advance.
Please add DNS-Sec
I so need this!
Yes please add dnssec!
This is really needed.
Definitely something 100% needed! This is keeping me from transferring all of my business to DigitalOcean
+1. DNSSEC support would be nice.
Yes, please add DNSSEC support! It's important, because we're in 21th century...
Please add DNSSEC support to the DNS Manager Thank you!
Digital ocean has a tutorial about enabling DNSSEC with bind (https://www.digitalocean.com/community/tutorials/how-to-setup-dnssec-on-an-authoritative-bind-dns-server--2) but doesn't provide it in is own DNS manager...
Also digitalocean.com doesn't implement DNSSEC https://www.tlsa.info/detail/digitalocean.com
«Why DNSSEC and DANE/TLSA are important
As all DNS records are usually unencryped and unsigned, attackers can easily manipulate answers from any DNS server on their way to the recipient. With DNSSEC, the authoritative DNS server signs the records for its domains and makes it possible to validate that the domain data is authentic. More information about DNSSEC
Having DNS records signed with DNSSEC helps to solve a second problem: in the last years SSL based web encryption has shown more and more weaknesses. There are many root certificates from certification authorities in your operating system's or browser's trust chain. All of them are able to issue a rogue certificate for any domain, for example by pressure from the government or a secret service. This makes man-in-the-middle attacks against SSL secured websites and mail servers all too easy.
With DANE it is possible to store the fingerprints of the valid certificates in TLSA records within a DNSSEC signed zone. So you don't have to rely on certification authorities anymore but can verify the SSL certificate for yourself. More information about DANE»
After google push https as signal to get better search position, I think DNSSEC will be the next signal.
Excuse me my bad english.
I'm really surprised this idea got so little feedback. DNSSEC is important! Properly done, it would make HTTPS websites running with self-signed TLS certificates actually more secure (publishing the public key in DNS)!
please cast your vote here: https://digitalocean.uservoice.com/forums/136585-digitalocean/suggestions/3606733-implement-dnssec
When will it be live?
Another vote for it!
I'm a little baffled that DNSSEC support isn't implemented by now ...
vultr.com has it.
Any updates on DNSSEC?
Could be a game changer for anyone considering expanding their use of Digital Ocean.
Lot of people are waiting for the DO to add DNSSEC yet no ETA.
I can't believe DO hasn't even commented on this here. We need it...
With the recent DNSpionage attack, securing DNS is entering the limelight. It would do DO well to implement this feature.
Did someone already say: please? DNSSEC should be default nowadays and with most providers you can just switch it on or off per domain. I really want to let DO to handle my DNS, but without DNSSEC it is a clear no-go.....
This should be a no brainer. It's 2019 already and this issue has been active since 2013. The alternative is to setup bind9 service on the main web server (thusly making it into a DNS server as well, coupled with the Digital Ocean DNS) and named service on any slave servers (i.e mail server). It's less push-button and more push-a-cupboard-up-the-stairs. I like learning, but not having DNSSEC configuration builtin to the DigitalOcean DNS service is somewhat of a detriment. At this point I might as well setup my own DNS server, which poses some problems of it's own. If it breaks there's a lot of extra work to be done to get it working again.
Please, DigitalOcean. Make it easier for us to secure our droplets, domains and DNS setup.
It's 2019. This shouldn't even need to be an "idea" as it should be reality by now. I want to manage DNS with DO, but unless they can get their DNS on par with all the other choices, DO clearly isn't the right choice.
Vultr has DNSSEC. You are behind DigitalOcean! DNSSEC should be standard by now.
How's it looking?
I thought this was 2019 - Couldn't believe I saw no DNSSEC option in the portal.
Lack of this feature is preventing me from moving DNS to DO, which is preventing me from using Spaces with a custom domain, which is forcing me to keep giving Amazon my CDN money...
I feel like I've been checking on this issue every 6 months for almost a decade. Makes me wonder if the people in charge at DO are actually techies or just indifferent business-person types. Just do it already.
I am also looking for it.
DNSSEC is a requirement from our customers. Nowadays we can not afford to ignore latest security requirements. We are pushed to move to another platform since DNSSEC is not available with DO.
+1 +1 +1
Would like to see this feature added
DNSSEC is important! Without it, (infected / malicious) DNS servers could route traffic to malicious servers, enabling fishing attacks. Is this difficult / costly to implement for DO?
You won't be notified about changes to this idea.