Scalable compute services.
Simple object storage.
Run managed Kubernetes clusters.
Tools & Integrations
Automate your infrastructure.
Deploy pre-built applications.
Connect, share and learn
DevOps and development guides
Questions & Answers
Development and systems Q&A
by Justin Ellingwood
This would mean that you would allow us to upload our DNSSEC keys in the manager, so that your name servers can sign their responses, and prove authenticity of their responses.
You've been industry first in many, why laggard in this?????? Hard to understand.
Still waiting years later...
Please add dnssec feature. :)
can we get this feature soon? we really need dnssec feature in your domain manager DO.
Yes ++ I setup my own DNS server with my droplet so I could use DNSSec which worked brilliantly with my test .com but failed miserably when I rolled it out with my country's TLD as they must be more strict and wouldn't let me fudge two name servers resolving to the same IP. I was oh so close <<shakes fist>>
Come on DO, this has been requested for at least the last 6 years. This is no longer something nice to have, but something that is essential.
Similar to full support of SSL/TLS on customer-facing services, DNSSEC provides chain-of-trust to DNS resolvers. We're also facing legal requirement of DNSSEC in governmental projects currently.Lack of DNSSEC is also valid report in BugBounty, if your service (hosted on DO) has a bugbounty program.
And lastly, requiring domain to be hosted with DO for Let's Encrypt certificates in other services, eg. Spaces or LoadBalancer, should not lower the domain security by stripping the DNSSEC (which currently almost all domain registrars in EU support), that is in my opinion plain wrong.
+1 please it is needed for hosting a mail server
This really needs to be implemented, given the increasing number and sophistication of attacks on legitimate websites. Phishing can be taken to a whole new level if a MITM can inject him/herself into the DNS query and redirect an unsuspecting (or even a very careful) user to a malicious site with the correct domain name. How do we know that a site really is who it says it is anymore without DNSSEC?
I'd also like this feature. I only run a hobby project on DO, so my use case is more familiarization and exploring this.
However, it's one of the things that https://sikkerpånettet.dk checks which is a project by several Danish organizations, including E-mærket which is a certification label that Danish webshops can apply for. So for businesses, it'd be very attractive to offer this.
You already offer CAA records, which is another security feature. Please consider increasing DNS further with DNSSEC.
Please add this to DNS Manager
You won't be notified about changes to this idea.