Related

Join the DigitalOcean Community Community

Join 1M+ other developers and:

  • Get help and share knowledge in Q&A
  • Subscribe to topics of interest
  • Get courses & tools that help you grow as a developer or small business owner
 Join Now
Can I specify a port when adding a record upon creating a domain? Question Question
Unable to resolve server for apt-get Question Question

Question

Does DigitalOcean DNS support DNSSEC, and how do I turn it on?

Posted July 25, 2015 19.9k views
DigitalOceanDNS

So lets assume I’m using ns1.digitalocean.com, ns2.digitalocean.com, and ns3.digitalocean.com as my nameserves for example.com. Now how do I enable DNSSEC for example.com, assuming this is even supported with these nameserves?

Add a comment
andreashagen
By:
andreashagen

Related

Join the DigitalOcean Community Community

Join 1M+ other developers and:

  • Get help and share knowledge in Q&A
  • Subscribe to topics of interest
  • Get courses & tools that help you grow as a developer or small business owner
 Join Now
Can I specify a port when adding a record upon creating a domain? Question Question
Unable to resolve server for apt-get Question Question
Add a comment
4 comments
  • martin.jozef November 21, 2015
    Reply Report

    This is a good question!
    I came across this because I just subscribed to google domains. As soon as I have configured DO nameservers I also have the option to configure DNSSEC.

    The site states the following:
    Domain Name System Security Extensions (DNSSEC) protect your domain from attacks such as DNS cache poison attacks and DNS spoofing. Your DNS provider can provide you with the values you need to activate DNSSEC.

    Does DO provides such values that I can use to active DNSSEC?

  • eexit December 6, 2015
    Reply Report

    Hello,

    I’m also interested on how to enable DNSSEC on my domains. I left a hosting solution/registrar that allowed me to enable DNSSEC in a single click and I would like to know if DO could provide such thing or a guide to do it.

    Thanks!

  • yaeykay May 15, 2016
    Reply Report

    Features like this should be added on DigitalOcean. +1

  • Shigaev April 6, 2021
    Reply Report

    The long-standing refusal to implement DNNSEC is a disregard for DO customers.

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

×
Submit an Answer
13 answers
ben2020 March 13, 2018

The fact that Digital Ocean name servers don’t support DNSSEC can be a major issue. Some registrars will enable DNSSEC by default, and if you use Digital Ocean name servers you’ll get inconsistent resolving results, such as Google public DNS and many other resolvers not being able to lookup records for your domain. Beware before you use DO name servers in production!!

Reply Report
Warlof February 28, 2019

Hello there,

Is there any news related to DNSSEC for the DGO networking service?

Actually, it’s a really hot topic and since 2015 it should have been implemented 🔥

Reply Report
kamaln7 November 22, 2015

Unfortunately DigitalOcean’s nameservers do not support DNSSEC currently. You can vote for this feature and subscribe to notifications regarding any progress on it on our suggestions board:

If you still want to implement DNSSEC right now, you could use any nameservers that do support it such as Rage4.

Another option would be hosting your own Authoritative DNS Server with DNSSEC support:

Good luck!

How To Set Up DNSSEC on an NSD Nameserver on Ubuntu 14.04
by Jesin A
Serve secure zone files on a pair of NSD nameservers using DNSSEC. This tutorial shows you how to set up master and slave nameservers, and how to serve secure zone files for two domains.
Reply Report
rrs209 May 3, 2018

I am going through the same process as the OP @andreashagen explained in his 7/25/2015 post.
It’s May 2, 2018 … what’s the story on supporting Domain Name System Security Extensions (DNSSEC)?

I also see that @yaeykay noted in their 5/15/2016 post links to info about custom configuration details for “How To Setup DNSSEC on…”. Now even that seems dated.

With server-related security being such an important part of both working with DO PaaS tech but is also core to DO as a company, why has DO left the request for DNSSEC support within the Networking > Domains page (DO Cloud Admin) unanswered? This is still a high priority (and rightfully so) now almost 3 YEARS later? What does the DO roadmap look like now?

Reply Report
NearlyNormal July 4, 2019

Mid 2019, and nothing from DO. Where can we add our voice to this feature?

Reply Report
zalyx August 31, 2019

I’m also interested in having this feature added.

Reply Report
nojam September 3, 2019

I would also really like this feature.

Reply Report
jivanpal September 28, 2019

To those who desire this feature: currently, I would recommend moving to Cloudflare’s nameservers, but there is also a DigitalOcean feature request submission here:

https://ideas.digitalocean.com/ideas/DO-I-2481

Reply Report
chivingtoninc December 24, 2019

I would also like DNSSEC!!! Please add!

Reply Report
Woet July 25, 2015

No.

Reply Report
Previous 1 2 Next
Load More Answers

Related

Looking for something else?

Ask a new question Search for more help