Azure DNS needs DNSSEC support
DNSSEC is required to be able to secure your DNS requests. At the moment this is not available. We cannot move until our domains to Azure DNS untill these requirements have been met.
Thanks for the suggestion. We recognise the strategic importance of DNSSEC and it is a key feature on our long-term backlog.
DNSSEC represents a very large engineering investment, and hence we have to prioritize carefully vs other work. The most customer data we can get supporting the need for DNSSEC support, the better prioritization decisions we can make. We appreciate your votes and your comments.
Any ETA for this? This has been on the roadmap since atleast mid 2016.
Would be one more feature to get customers to move their public DNS to Azure as well. Azure should support the latest security state of the art functionality here.
Just adding my voice to request DNSSEC support.
Alfredo Cartagena commented
Just another vote for this functionality. If this is in the near term roadmap, please advise as this might sway the decision...thanks!
DNSSEC is critical for many regulated and government environments, both inside and outside the US. Obviously, customer can spin up a bunch of IaaS Windows/Linux VMs and do this themselves, but that's wasteful, and turns away customers. All the major DNS hosting providers have offered DNSSEC for years.
Ruud Rombout commented
Nice to hear, and what about the support of DANE? Also DANE is required for Dutch municipalities!
Dutch municipalities have to adhere to standards as set by the Dutch Government https://www.forumstandaardisatie.nl/open-standaarden/lijst/verplicht - without adherence no cloud solutions.
Johan Johansson commented
Lack of DNSSEC is the only thing stopping us from moving our DNS to Azure.
would be nice!
Stefan B. Christensen commented
Any update from Microsoft on this request? It's quite important for many companies and a showstopper for migrating to Azure DNS for many
I second the suggestion. Plus DANE and TLSA.
I endorse this!
More and more companies and governments are requiring DNSSEC (and DANE for secure mail transport). For example see:
Also note that others like Cloudflare and Google do support DNSSEC. See:
DNSSEC is becoming a showstopper feature for services operating in regulated environments.
+1 With so much leading edge capability in Azure, it's surprising that DNSSEC in not available there. Is there any sort of ETA on rollout?
Anders Linnlökken commented
Please add DNSSEC to your service. I would gladly pay some extra $ to have this function.
Have a nice day
Olov Karlsson commented
We are investigating the possibility to move our entire hosting business to Azure. DNSSEC is a requirement for many of our bigger customers and we have signed all our customers zones for several years. In my point of view: Support for DNSSEC is much more crucial than support for IPv6 and you have had support for IPv6 in more than a year...
S Sarma (MSFT) commented
As mentioned previously DNSSEC support is one of our top priorities but represents a large engineering investment. As such our current timeline for supporting this in Azure DNS is by mid-2018 (CY). We appreciate your votes and feedback.
Dominik B commented
We are currently beta testing DNSSEC von Google CloudDNS and would like to see feature parity on AzureDNS.