DO Ideas 2

Add DNSSEC support to the DNS manager

This would mean that you would allow us to upload our DNSSEC keys in the manager, so that your name servers can sign their responses, and prove authenticity of their responses.

  • Will
  • Sep 11 2018
  • Attach files
  • Richard Lowery commented
    September 11, 2018 18:57

    Any updates?

  • Gerson Medeiros commented
    September 11, 2018 18:57

    Hello everyone!
    Any news about when the service will be available?
    Thank you,

  • Eugene commented
    September 11, 2018 18:57

    Come on, we need the feature!

  • Ethan commented
    September 11, 2018 18:57

    I too would like this.

  • Shawn commented
    September 11, 2018 18:57

    Another vote for this.

  • Bengt commented
    September 11, 2018 18:57

    +1

  • anton commented
    September 11, 2018 18:57

    Please, add it soon! We need it.
    We are begging you!

  • rookie.ks commented
    September 11, 2018 18:57

    This is a must-have feature. While I love DigitalOcean, I would really love to see DO support DNSSec.
    I can't wait to use it.

  • Gabor Gajdos commented
    September 11, 2018 18:57

    Any date on this?

  • Anonymous commented
    September 11, 2018 18:57

    Please add this feature soon.

  • Anonymous commented
    September 11, 2018 18:57

    Really need it!!!

  • corentin commented
    September 11, 2018 18:57

    Really need it

  • Anonymous commented
    September 11, 2018 18:57

    Need it ? !

  • Richard commented
    September 11, 2018 18:57

    Need it

  • Anonymous commented
    September 11, 2018 18:57

    Needed

  • David Ferreira commented
    September 11, 2018 18:57

    DNSSEC FTW 🚀

  • Jonathan Fontes commented
    September 11, 2018 18:57

    ... Come on guys, just do it.

  • Tom Bedford commented
    September 11, 2018 18:57

    Have been so impressed by the DO droplets, would really love to have that with DNS but as DNSSEC isn't available, it means that DO's domain features are kind of useless if you have any serious thought about protecting your domains.

  • Daniel Hawton commented
    September 11, 2018 18:57

    They even tweeted this a year ago and still haven't moved on it...

  • nl1k commented
    September 11, 2018 18:57

    A response from the DO team would be appreciated.

  • Navjot tomer commented
    September 11, 2018 18:57

    It should be added it's 2018 and every other dns provider has it supported.

  • William Fales commented
    September 11, 2018 18:57

    This idea request has been open for 5 years with no movement?

  • Karl Erik commented
    September 11, 2018 18:57

    It's a downer that we don't have ability to use DNSSEC with DigitalOcean in 2018. Definitely something we're looking forward to in near future, don't disappoint us :=)

  • rrs209 commented
    September 11, 2018 18:57

    +1, please add DNSSEC!

    How many votes are needed to move this into In Progress?

  • Kenneth Staub commented
    September 11, 2018 18:57

    +1

  • Michel commented
    September 11, 2018 18:57

    +1, please add DNSSEC!

  • Anonymous commented
    September 11, 2018 18:57

    Please add DNSSEC to your servers

  • Anon commented
    September 11, 2018 18:57

    Please add. Will be most useful.

  • Anonymous commented
    September 11, 2018 18:57

    +100. Please add this. We'll be moving servers otherwise.

  • Shanx commented
    September 11, 2018 18:57

    Please add this feature.

  • Leland Jansen commented
    September 11, 2018 18:57

    +1

  • Katia commented
    September 11, 2018 18:57

    Please add DNSSEC to your servers!

  • Patrick commented
    September 11, 2018 18:57

    We seriously need DNSSEC. Digital Ocean, do something.

  • Scott Randolph commented
    September 11, 2018 18:57

    The time has come to become a full service hosting provider!

  • Wim commented
    September 11, 2018 18:57

    Please just add DNSSEC to your servers

  • Andrey commented
    September 11, 2018 18:57

    Why is this not done yet?

  • Walid Mujahid وليد مجاهد commented
    September 11, 2018 18:57

    how can this not exist yet?

  • Anonymous commented
    September 11, 2018 18:57

    +1

  • Anonymous commented
    September 11, 2018 18:57

    we still waiting

  • Anonymous commented
    September 11, 2018 18:57

    we still waiting! common

  • Nigel Holland commented
    September 11, 2018 18:57

    Come on DO lets make this happen

  • David Ferreira commented
    September 11, 2018 18:57

    We are in 2018 and still nothing? Come on DigitalOcean!!

  • Saumya Kanta Swain commented
    September 11, 2018 18:57

    Please add it soon

  • Zach commented
    September 11, 2018 18:57

    Yes.

  • Wayand Bahramzy commented
    September 11, 2018 18:57

    yes please

  • Wayand Bahramzy commented
    September 11, 2018 18:57

    yea do it

  • tkadm30 commented
    September 11, 2018 18:57

    +1

  • Don Burks commented
    September 11, 2018 18:57

    Given the world of privacy/security we live in now, this only makes sense to offer.

  • Anonymous commented
    September 11, 2018 18:57

    It would be very helpful if this functionality was added.

  • Aritz Madariaga commented
    September 11, 2018 18:57

    Please, add this to functionality

  • Tre Giles commented
    September 11, 2018 18:57

    It's been 5 years. It's nearly 2018 guys. Time to resolve this technical debt.

  • Alexander Gebhard commented
    September 11, 2018 18:57

    Please implement this ASAP. This has been "Gathering Feedback" for 3 years now. My organization needs this to protect our DNS. Please!!!

  • Dustin commented
    September 11, 2018 18:57

    I concur, this needs to be added ASAP for those who want a full security setup for their websites.

  • Alex Karshin commented
    September 11, 2018 18:57

    Most valuable thing to get done, IMO

  • Emil Klindt commented
    September 11, 2018 18:57

    Can't see the reason not to

  • Oscar Quinteros commented
    September 11, 2018 18:57

    has to be done

  • Elmar commented
    September 11, 2018 18:57

    +1

  • yuan commented
    September 11, 2018 18:57

    please add

  • Takuya commented
    September 11, 2018 18:57

    +1 yes, please add DNSSEC support! This is a very useful security feature

  • Pablo González Portela commented
    September 11, 2018 18:57

    +1, I believe it is a crucial feature and may have reconsidered choosing Digital Ocean had I known this beforehand.

  • Debra commented
    September 11, 2018 18:57

    Yes, please add this. Some of us want to decentralize our data, but security needs to be a top priority.

  • kumowoon1025 commented
    September 11, 2018 18:57

    +1. I am in a position where I have to choose between DO’s DNS for PTR records, and gcloud’s beta implementation of DNSSEC.

  • Anonymous commented
    September 11, 2018 18:57

    +1

  • Roald Hacquebord commented
    September 11, 2018 18:57

    +1

  • Daniel Suiding commented
    September 11, 2018 18:57

    +1

  • Andrew Sowden commented
    September 11, 2018 18:57

    Gathering feedback from three years ago??? C'mon guys - get it sorted for us ...

  • Anonymous commented
    September 11, 2018 18:57

    I was planning on moving to Digital Ocean DNS, but then I found out there is no DNSSEC there...

  • Blair Mitchelmore commented
    September 11, 2018 18:57

    +1

  • bntly commented
    September 11, 2018 18:57

    +1

  • Anonymous commented
    September 11, 2018 18:57

    +1

  • Anonymous commented
    September 11, 2018 18:57

    +1

  • Andrew Sowden commented
    September 11, 2018 18:57

    Any update from DO?

  • Андрей Кравчук commented
    September 11, 2018 18:57

    +1, would be really helpful

  • Anonymous commented
    September 11, 2018 18:57

    +1

  • Alex commented
    September 11, 2018 18:57

    +1

  • WM commented
    September 11, 2018 18:57

    +1. Yes, this will be a good security feature to have.

  • Tobias Ehlert commented
    September 11, 2018 18:57

    +1

  • Mohammed Abdalkarim Alnamer commented
    September 11, 2018 18:57

    +1

  • Anonymous commented
    September 11, 2018 18:57

    +1

  • Anonymous commented
    September 11, 2018 18:57

    +1

  • Anonymous commented
    September 11, 2018 18:57

    +1

  • Anonymous commented
    September 11, 2018 18:57

    +1

  • Roald Hacquebord commented
    September 11, 2018 18:57

    +1 Would love this feature!

  • JayD commented
    September 11, 2018 18:57

    Absolutely! +1

  • Abhishek Shah commented
    September 11, 2018 18:57

    i am surprised dig.ocean doesn't have this.

  • Bjarke Jensen commented
    September 11, 2018 18:57

    I support this. I'd love for my server to be further secured against unencrypted DNS attacks.

  • Anonymous commented
    September 11, 2018 18:57

    I'm suggesting to improve DO DNS system by adding the DNSSEC support.

    DNSSEC protocols is designed to add security to the DNS to protect it from certain attacks, such as any data modification attack (e.g. cache poisoning). It's a set of extensions to DNS, which provide origin authentication of DNS data, data integrity and authenticated denial of existence.

  • Steven Sheffey commented
    September 11, 2018 18:57

    I support this. I'd love for my server to be further secured against unencrypted DNS attacks.

  • Joris Berthelot commented
    September 11, 2018 18:57

    Yes please! +1

  • HLFH commented
    September 11, 2018 18:57

    Reverse delegation is not secure by DNSSEC. I believe. We can't choose our own nameservers for reverse delegation.

  • Anonymous commented
    September 11, 2018 18:57

    Please add this. It's so important!!

  • Ivars Indriks commented
    September 11, 2018 18:57

    +1

  • Anonymous commented
    September 11, 2018 18:57

    I need this feature please!

  • David Redfern commented
    September 11, 2018 18:57

    We require dnsec and I'm shocked digital ocean don't support it

  • Juliano Dias commented
    September 11, 2018 18:57

    I need this feature please!

  • Robin commented
    September 11, 2018 18:57

    Would love to see DigitalOcean advancing in this area.

  • Steve commented
    September 11, 2018 18:57

    CloudFlare provides full DNSSEC support in their API since Nov 2015.
    Implementation of this feature in DO API would be very helpful to many DO customers
    (seems as not so big effort due to DigitalOcean DNS manager API wrapping CloudFlare API).

    Thank you for your time and cooperation in advance.

  • Tim commented
    September 11, 2018 18:57

    Please add DNS-Sec

  • Jeff commented
    September 11, 2018 18:57

    I so need this!

  • Andrei Solovev commented
    September 11, 2018 18:57

    Need this!

  • Jeroen commented
    September 11, 2018 18:57

    Yes please add dnssec!

  • Bobby commented
    September 11, 2018 18:57

    This is really needed.

  • CM commented
    September 11, 2018 18:57

    Yes Please!!!

  • Sal Zaydon commented
    September 11, 2018 18:57

    Definitely something 100% needed! This is keeping me from transferring all of my business to DigitalOcean

  • Anonymous commented
    September 11, 2018 18:57

    +1. DNSSEC support would be nice.

  • Michal Vašíček commented
    September 11, 2018 18:57

    Yes, please add DNSSEC support! It's important, because we're in 21th century...

  • Ron Burgenty commented
    September 11, 2018 18:57

    Please add DNSSEC support to the DNS Manager Thank you!

  • Anonymous commented
    September 11, 2018 18:57

    Digital ocean has a tutorial about enabling DNSSEC with bind (https://www.digitalocean.com/community/tutorials/how-to-setup-dnssec-on-an-authoritative-bind-dns-server--2) but doesn't provide it in is own DNS manager...

    Also digitalocean.com doesn't implement DNSSEC https://www.tlsa.info/detail/digitalocean.com

    «Why DNSSEC and DANE/TLSA are important

    As all DNS records are usually unencryped and unsigned, attackers can easily manipulate answers from any DNS server on their way to the recipient. With DNSSEC, the authoritative DNS server signs the records for its domains and makes it possible to validate that the domain data is authentic. More information about DNSSEC

    Having DNS records signed with DNSSEC helps to solve a second problem: in the last years SSL based web encryption has shown more and more weaknesses. There are many root certificates from certification authorities in your operating system's or browser's trust chain. All of them are able to issue a rogue certificate for any domain, for example by pressure from the government or a secret service. This makes man-in-the-middle attacks against SSL secured websites and mail servers all too easy.

    With DANE it is possible to store the fingerprints of the valid certificates in TLSA records within a DNSSEC signed zone. So you don't have to rely on certification authorities anymore but can verify the SSL certificate for yourself. More information about DANE»

    Source: https://www.tlsa.info/detail/digitalocean.com

  • Leonardo commented
    September 11, 2018 18:57

    After google push https as signal to get better search position, I think DNSSEC will be the next signal.
    Excuse me my bad english.

  • Dimitri Torterat (Diti) commented
    September 11, 2018 18:57

    I'm really surprised this idea got so little feedback. DNSSEC is important! Properly done, it would make HTTPS websites running with self-signed TLS certificates actually more secure (publishing the public key in DNS)!

  • Gabriel Gonçalves Nunes Mazetto commented
    September 11, 2018 18:57