Network

when edit Cloud Firewall from UI, now it only able to edit one entry then click "Save" to move next. when you have many IP and policy to set, it's too hard to go

Since TLS has support for Server Name Indication, there's no reason the load-balancers shouldn't be able to handle terminating multiple certificates. The alternative is to pass-through the SSL to the droplet, but this then means the load-balancer can't inject in the clients true IP with X-Forwarded-For.

it'd be tremendously useful to have a comment field for firewall rules in the webui. For example, comment what the hosts/networks are (when the rule was created) or why the rule was added.

For example I run some code in function and would be great if I will can access to my DB on the VPS via VPC for secure access

Current situation: If I enter my root domain into the "hostname" field I'm only allowed to create entries such as A, AAAAA, MX etc. but not CNAME. Wanted situation: I can create a CNAME entry with my root domain and this will be flattened automatically, like Cloudflare does ( https://support.cloudflare.com/hc/en-us/articles/200169056-CNAME-Flattening-RFC-compliant-support-for-CNAME-at-the-root )

This is field allows clients to discover protocol availability such as HTTP/3. https://gcore.com/docs/dns/dns-records/what-is-an-https-record-and-how-is-it-configured

GEO DNS + Multiple droplets.. is more than AWESOME setup..!! I'd love to see this service soon in DO, where you can create several droplets in several data centers and point your DNS zones toward these droplet. Visitors from NY for example get served by NY Droplet(s), Visitors from AMS get served by AMS Droplet(s). This way, you can build your own CDN within few moments, and get your websites performance-extra-charged. Your Votes, comments ?!

it requires manually operation after you associate Droplets as NLB backend, see https://docs.digitalocean.com/products/networking/load-balancers/how-to/configure-droplets-for-nlb/ if customer forget to do so, traffic to NLB never success. and when they added new Droplets, there will be silent packets loss with these new Droplets as they did not have correct route table.

currently only API & CLI method supported to configure Load Balancer firewall, it's not user friendly especially API & CLI update Load Balancer with PUT, not PATCH. as you have to provide the full parameters of the Load Balancer otherwise the specific parameter will reset to default, it's very easy to make production disruptions. CLI method not support to use json file, something like API curl --data or MySQL config-json, it makes CLI very hard to use. requirements: support update Load Balancer firewall with UI use PATCH but not PUT method with API & CLI when updating Load Balancer, just something like when you update MySQL configuration, see https://docs.digitalocean.com/reference/doctl/reference/databases/configuration/update/ support use local json file with doctl

As you guys are testing IPv6 in the Singapore region, I highly recommend you give users a /64 each when IPv6 rolls out. This is proper practice, and gives users more flexibility in terms of address selection.