I use the firewalls to block SSH from all but our employee IPs. However, those IPs change weekly, and I end up having to maintain a map and it's really confusing. I'd like to have a way to name them so I can easily update them. Different ways I've done this with traditional firewalls: • Create one SSH rule per person and name the rule • Create a named machine with an IP for each person, and add all those machines to the SSH rule Please please please let me know if this is something you can accommodate in the future.

I want to be able to apply a 'generic' DNS config to domains or copy configs from one domain to another.

This would allow me to scale an app seamlessly in real time, instead of needing to carefully time it against DNS cache latency. After playing around with the new Load Balancers for a bit, It seems like an obvious extension. By the way, I'm really pleased with the feature. It seems very polished.

Please add feature to allow direct access from server to load balancer in same VPC without passing through public Internet. For example, assume all servers and load balancer are in the same VPC: Server A => Load Balancer => Server B or Server C

floating/reserved ips it should be possible to tag them like you would droplets. as a minimum this would help with metadata about the reserved ips. for example any ip tagged 'prod' can only be used for prod services

The SOA record of a domain is created by DigitalOcean with set values. One of the values in the SOA record is used for Negative-TTL. Meaning how long a negative DNS response is cached for. This is a very useful parameter to modify for users who are frequently modifying DNS records (my example, developing and testing out Terraform scripts). When the Negative TTL value in the SOA record is too high (for example, 1 hour), it means I have to wait up to 1 hour before I can access my terraformed Droplet by FQDN. So, please allow users to modify the SOA record. If not the entire thing, then at least just the specific numerical parameters like the TTL value

Add ability to change private IP of a droplet in a VPC.

Add an option in the configuration so the load balancer listens on an ip on the private VPC, therefore request made to it via private ip range will be forwarded to the destination also on the private ip range.

More than one ip for a VM would be great. A small subnet maybe ..

Currently, managed databases cannot be selected as cloud firewall destinations for outbound rules. I would like to be able to do this in order to better manage egress from my droplets.