DNSSEC support on Netlify

If you could, would you please add my vote for DNSSEC support as well?
Thanks!

Thanks for the voice @amirhomayoun.

We’ve added your name to the list.

3 years later it’s still not a thing and you’re just adding people’s names to a list. Netlify is not good for security, I guess.

Getting sick of saying to people, “Yep, there is a red cross next to your domain for DNSSEC because Netlify sucks and doesn’t care about your security.”

Hi there,

I know it’s not the experience we want you to have, and I am asking again and trying to find out if this is likely to happen anytime soon (or ever). Please do keep the feedback coming; it is ideal if you can tell us why exactly you want DNSSEC and why this is a priority for you. The more information we have, the more compelling a case we can build to advocate for work to be done on this.

1 Like

Hi Perry. Thanks for following up on this here.
I am on a free account, and cannot really complain about anything much. Netlify is awesome and I love using it! So, thanks for the very nice service!

As for DNSSEC, I want to enable it so that I can connect my domain to ENS (Ethereum Name Service), a blockchain name server, and they need the domain to have DNSSEC enabled first.

Having said that, I want to point out that if blockchain-based technologies become a lot more widespread and exchanging equivalents of money occurs more and more, being sure that you are being routed to the correct domain becomes even more crucial. I can think of DNS spoofing techniques that hackers can use to route you to the wrong domain, have their own blockchain addresses there and have you send them money. And you will never even know.
I don’t know how difficult or time consuming it is for Netlify to implement this, but I just want to say, if it is a reasonable amount of effort, it might be a nice low-hanging fruit that basically increases security, sounds good on paper and, if nothing more, you just see green checks when running: https://dnssec-analyzer.verisignlabs.com.

Thanks again.

Email security. SMTP DANE requires DNSSEC to operate. So essentially anyone who uses Netlify for their DNS has to take a hit in email security. I’m sure your customers having to trade their email security to use Netlify is not something you want, surely?

And I mean it’s been 3 years now; if there are no plans to implement it in the near future, I think by now you owe it to people to come out and say it so they can consider finding an alternative with DNSSEC.

1 Like

Hi there, I’ve passed your comments back to the team. All I can say is that it is not off the table, but I’m also not seeing any work for this prioritized. I understand it’s frustrating to hear that over and over again; believe me, if I, personally, could do more, I would.

I am a paying customer and would like to see DNSSEC implemented.

1 Like

There is still no DNSSEC support in 2022, nearing 2023. Is there any update on this? It should not take a lot of effort to enable it for all *.netlify.app domains, but has a big impact on security.

Hi @roni, welcome to the forums! We are so glad you’re here. We’ve passed your comments and similar comments on this thread back to the team. DNSSEC support is not off the table, but I’m also not seeing any work for this prioritized. I wish I had a better update and I understand your frustrations.

1 Like

I have just migrated from an external DNS to Netlify DNS and was really disappointed to find out that DNSSEC is not supported.

I might have to migrate back until this is added.

1 Like

I have managed to implement DNSSEC myself on a subdomain pointing to netlify.app by instead pointing this subdomain to another domain’s apex, and CNAME flattening that apex to netlify.app. This bypasses the insecure Netlify delegation. I needed to own 2 domains and set up DNSSEC twice for this.

Netlify’s netlify.app domain is registered at Name.com and its nameservers are on NS1.
Here is how to setup DNSSEC on NS1: https://help.ns1.com/hc/en-us/articles/360022247233-Enabling-DNSSEC-for-a-primary-or-non-secondary-zone
And here is how to setup that generated DS record on Name.com: Managing DNSSEC | Name.com

Please Netlify, it’s not difficult. Setting up DNSSEC took 10 minutes maximum for me on both domains.
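To make the delegation in the workaround above concrete, here is an added example (not code from the original post, Netlify, NS1 or Name.com) that computes the DS record a parent zone must publish for a child zone’s KSK and checks a DS line against a DNSKEY, following RFC 4034 section 5.1.4 for the digest and RFC 4034 appendix B for the key tag. The zone names (example.org., example.net.) and the key bytes are constructed placeholders, not real keys; in the workaround each of the two domains needs its own DS at its registrar, because netlify.app itself publishes none.

```python
"""DS record computation and checking for a DNSSEC delegation.

Added example using only the standard library. Zone names and key bytes are
constructed placeholders, not real keys.
"""
import hashlib
import struct
from dataclasses import dataclass


@dataclass(frozen=True)
class DNSKEY:
    owner: str         # zone apex the key signs, e.g. "example.org."
    flags: int         # 257 = KSK (zone key + SEP bit), 256 = ZSK
    protocol: int      # always 3 for DNSSEC
    algorithm: int     # 8 = RSASHA256, 13 = ECDSAP256SHA256
    public_key: bytes  # raw key material, i.e. what the base64 field encodes

    def rdata(self) -> bytes:
        """DNSKEY RDATA in wire format: flags(2) protocol(1) algorithm(1) key."""
        return struct.pack("!HBB", self.flags, self.protocol, self.algorithm) + self.public_key

    def key_tag(self) -> int:
        """Key tag per RFC 4034 appendix B (not valid for obsolete algorithm 1)."""
        ac = 0
        for i, b in enumerate(self.rdata()):
            ac += b if i & 1 else b << 8
        ac += (ac >> 16) & 0xFFFF
        return ac & 0xFFFF


def wire_name(name: str) -> bytes:
    """Canonical wire form of an owner name: lower-cased, length-prefixed labels."""
    labels = [lab for lab in name.lower().rstrip(".").split(".") if lab]
    return b"".join(bytes([len(lab)]) + lab.encode("ascii") for lab in labels) + b"\x00"


# DS digest types from the IANA registry; 1 (SHA-1) is kept only so old DS lines parse.
DIGEST_ALGS = {1: hashlib.sha1, 2: hashlib.sha256, 4: hashlib.sha384}


def ds_digest(key: DNSKEY, digest_type: int = 2) -> str:
    """digest = H(canonical owner name | DNSKEY RDATA), upper-case hex."""
    h = DIGEST_ALGS[digest_type]()
    h.update(wire_name(key.owner))
    h.update(key.rdata())
    return h.hexdigest().upper()


def ds_record(key: DNSKEY, digest_type: int = 2) -> str:
    """The DS line the parent zone (i.e. the registrar) must publish for this KSK."""
    return f"{key.owner} IN DS {key.key_tag()} {key.algorithm} {digest_type} {ds_digest(key, digest_type)}"


def verify_ds(key: DNSKEY, ds_line: str) -> bool:
    """Check a DS line (presentation format, TTL/class optional) against the key.

    A mismatch is exactly what a DNSSEC analyzer shows as a broken chain of
    trust: the parent vouches for a key the child zone does not publish.
    """
    fields = ds_line.split()
    if "DS" not in fields:
        return False
    idx = fields.index("DS")
    try:
        tag, alg, dtype = (int(x) for x in fields[idx + 1 : idx + 4])
    except ValueError:
        return False
    digest = "".join(fields[idx + 4 :]).upper()  # the digest may be split into chunks
    if dtype not in DIGEST_ALGS:
        return False
    return (
        fields[0].lower() == key.owner.lower()
        and tag == key.key_tag()
        and alg == key.algorithm
        and digest == ds_digest(key, dtype)
    )


def placeholder_key(zone: str) -> bytes:
    """64 deterministic bytes standing in for an ECDSA P-256 public key (constructed)."""
    seed = hashlib.sha256(f"placeholder key for {zone}".encode()).digest()
    return seed + hashlib.sha256(seed).digest()


def workaround_ds_records() -> dict:
    """DS lines for both zones of the two-domain workaround.

    example.org. holds the subdomain that points at the second apex; example.net.
    is the apex that is CNAME-flattened to netlify.app. Each zone needs its own
    DS at its registrar (constructed zone names and keys).
    """
    zones = ["example.org.", "example.net."]
    return {z: ds_record(DNSKEY(z, 257, 3, 13, placeholder_key(z))) for z in zones}


if __name__ == "__main__":
    for ds in workaround_ds_records().values():
        print(ds)
```

The same digest computation is what NS1 performs when it shows you the DS to paste into Name.com; running `verify_ds` against the DS line the registrar actually publishes (for example as returned by `dig DS example.org. +short`) and the DNSKEY the zone serves is a quick way to confirm the two delegations in the workaround were set up consistently.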

One month passed again. Any update on this?

Hey, we need DNSSEC on Netlify. We see it has not been implemented for 3 years. Are you going to release this feature anytime soon? Otherwise I have to migrate from Netlify to another platform. Please let me know how you’ll be releasing this DNSSEC feature. Thanks.

There are no immediate plans to support DNSSEC. This might happen someday in the future, but nothing of this sort on the short-term roadmap.

4 months later again, still no DNSSEC. Netlify passes every modern internet standard except a very important one: https://internet.nl/site/netlify.app/2128583/

I’d request users to give a read to: https://blog.apnic.net/2020/01/31/why-dynamic-dns-mapping-prevents-dnssec-deployment/ so no one holds their breath for this being a possibility.

This is a very interesting article. Thanks for sharing!

However, said article also mentions that using Anycast instead of dynamic DNS mapping prevents this very problem. Has this possibility been considered?

Considering the lift of migrating an entire platform of maybe millions of live, production, business-critical sites while making sure that nothing breaks and current functionality is at least maintained (if not improved), it is easier said than done. That’s not to say that the possibility is not considered; it’s just not considered a big enough priority right now.

All this to say, this is not planned on any short-term roadmap. Maybe one day this might happen, but as I mentioned, it’s best not to hold your breath. If it’s very important for you to have DNSSEC, you can definitely check out other platforms that might match your needs more closely.