Azure DNS needs DNSSEC support
DNSSEC is required to be able to secure your DNS requests. At the moment this is not available. We cannot move until our domains to Azure DNS untill these requirements have been met.
DNSSEC remains on our long term roadmap, however it is unlikely to be available in CY 2019. If DNSSEC is a critical and immediate requirement for your business we’d suggest that you consider evaluating 3rd party DNS hosting solutions that provide this feature.
I am adding my voice to the desire that this be an available feature in Azure DNS. As it is we are migrating our DNS but we won't be able to continue with DNSSEC which every DNS on the internet should support in order to be a good netizen.
Andrew McNaughton commented
It is disappointing that Microsoft can have great DNSSEC support in Windows Server, going back many years, but the Azure solution still doesn't match it. At least we know Exchange Online will be delivering this on outbound mail and has employed it for incoming mail.
Rudi Larno commented
And it's been 2 years now, if you count the last response.
Aaand it's been 5 years, if you count the first response.
Given the amount of scams and phishing going around, how come Azure customers still do not have DNSSEC.
Ali Rashid commented
Any update on this? As mentioned DNSSEC is getting to the point of being specified as a requirement in many cases.
Rackmount.IT - Eric commented
Hi, I do value the implementation of DNS in Azure. It's fast, functional, also new types are implemented (like CAA record) but why o why there's no support for DNSSEC!!!!
This is long long overdue. Come on Microsoft you can do it!!!
Luis Vigil commented
In the Fedramp report for SC-20 and 21 Microsoft mentions: This control is only applicable to the customer if hosting DNS and resolving .gov domains.
Is there independent confirmation for this statement?
The lack of support caught me by surprise; I didn't even think to check, because I would absolutely expect any reputable DNS to support as much security as possible. DNSSEC isn't exactly cutting-edge tech at this point, and now (because I'm not willing to give it up), I have to manage my DNS in a separate platform.
We really need an update that's less than two years old--this should be a requirement for every customer.
Last update was for 2019, and now it's 2021, exactly how far down is this on your backlog?
As cyber security firm, we recommend customers tio implement DNSSEC. But they can’t on Azure yet...!! Any update on this feature?
Marcel Tegelaar commented
We use Azure for our SaaS offering, including a lot of DNS zones. We are getting red lights on customer pentest reports because of this.
Is there any planning for DNSSEC in Azure DNS?
I work for a large bank and we'd prefer to use Azure for DNS registration and DNSSEC since a lot of our systems are out there. There's no reason we wouldn't use Azure if it was available.
Jonas Inghammar commented
Come on now Microsoft. DNSSEC is more or less a requirement for all customers today and every other provider worth a mention have had this for years. I would love to move all DNS hosting to Azure to be able to manage everything in one place but until this is solved we are stuck using other providers. I have full respect for the engineering investment required but when you are competing in the big league you need to go all in!
Can you please give us an update on this?
Thomas Zarnhofer commented
any update on this? DNSSEC support in combination with domain registrar capabilities to automatically enable DNSSEC on domains would be a very useful feature! If you support DNSSEC and act as a registrar for a broad range of TLDs, we will maybe think about moving up to 700 domains to Azure DNS, if pricing for registrations is also able to compete with our current provider.
Jorge M commented
Are you really suggesting me to evaluate Amazon or Google to host DNS? 🤐
Jorge M commented
Are you really suggesting me to evaluate Amazon to host DNS? :-/
Fernando Marçal commented
Hello, also adding "is there an update?".
Brian Davidson commented
Just adding to the "is there an update?" comments.
Hans Chr. Andersen commented
Are there any updates on this?
Jon Beck commented
If you are interested in being part of the conversation on how Azure implements DNSSEC. Please sign up to be in the DNSSEC customer advisory cohort here:
Microsoft what are you doing!!!