Filed with Developers [Case 4386] DNSSEC support in cPanel

[sawbuck]

Any word yet on cPanel support for DNSSEC?

Perhaps in conjunction with NSD?

[WebJIVE]

This is going to have to be incorporated sooner or later since all .gov sites are moving this direction. Banks and other ecomm sites follow this trend and once the public becomes aware of this, they will expect it from smaller ecomm sites as well.

[cPanelDavidG]

I see a bugzilla entry for this at: << Redacted: Bugzilla is no longer used >>
Unfortunately, I have no ETA on when this will be implemented.

[MACscr]

I know this is an old post, but the topic is still valid. Whats the status of DNSSEC support in cPanel?

[cPanelDavidG]

Greetings,

I was wondering if you can let us know what specific features and behaviors you need us to support so our product can meet your needs with regards to DNSSEC.

[bazzi]

basicly:

http://www.isc.org/files/DNSSEC_in_6_minutes.pdf

[vincento]

I would like to request DNSSEC support in Cpanel as well.

[redbee]

We would also like to see support for DNSSEC in cpanel.

Thanks,

rogier

[monarobase]

+1

Just to make sure you realize the need and also how urgent this request is !

[bhd]

Just to make sure you realize the need and also how urgent this request is !

Agreed. This is fast becoming a #1 priority. We've already got several people wanting it.

[Bigwebmaster]

I also agree and would like to see Cpanel features with this. Comcast just announced in our area that they are enabling DNSSEC for all customers within the next 60 days and even made a video for their customers here:

DNSSEC Video - Comcast's DNSSEC Information Center

So I expect the public will continue to become more aware of this.

[dthomas32308]

So any update from cPanel on this issue? With ISPs beginning to use DNSSEC, this is something that will cause large problems for hosts if this is not dealt with.

[cPanelDavidG]

So any update from cPanel on this issue? With ISPs beginning to use DNSSEC, this is something that will cause large problems for hosts if this is not dealt with.

Actually, if you're referring to the Comcast announcement, keep in mind only sites that use DNSSEC and have an incorrect security key for DNSSEC (a likely imposter site) will be blocked. Sites without DNSSEC-related records and sites with DNSSEC that also have correct security keys will continue to work.

A level-headed article about DNSSEC and its implementation by Comcast is available at: https://www.networkworld.com/news/20...-security.html

[dthomas32308]

Whilst that is understood, what is not being addressed is the time frame of when this feature will be available so we as the web hosts who support your company can offer this security service to our clients. It has already been brought up in this forum post also that many web sites, naturally, will be wishing to have this service as it is a security feature to further protect their web sites.

[cPanelDavidG]

Whilst that is understood, what is not being addressed is the time frame of when this feature will be available so we as the web hosts who support your company can offer this security service to our clients. It has already been brought up in this forum post also that many web sites, naturally, will be wishing to have this service as it is a security feature to further protect their web sites.

So, to narrow down what precisely is being desired, all you need us to support are:

- RRSIG records
- DNSKEY records
- DS records

Is that correct? Is there anything else?