DNSSEC Enforcement over DNS-over-HTTPS
not pursuing
R
Ryan Poppa
DNSSEC Enforcement support for clients using DNS-over-HTTPS
Minetta Gould
updated the status to
not pursuing
This isn’t on our near-term roadmap, but our Platform team is researching what changes would be required to support DNSSEC enforcement for DoH clients. We’ll keep an eye on traction and revisit if it becomes feasible.
Eric Nix
Minetta Gould I feel like DNSFilter is behind other DNS providers in supporting DNSSEC. DNSSEC should be enabled by default at this point in time.
Minetta Gould
Eric Nix: Appreciate you calling this out! DNSSEC support is something we keep an eye on, but at the moment it isn’t prioritized ahead of other work on the roadmap.
If we see broader traction from other customers through votes and comments, we’ll revisit the request and reassess it for future prioritization.
Eric Nix
Minetta Gould Can you guys discuss this again internally? This should be an easy fix to implement DNSSEC DoH support.
Minetta Gould
Eric Nix: hi again 🥰 Our position hasn't changed on this one—without broader customer demand, it's not something we're able to prioritize right now.
Interested users should keep the votes coming and we'll revisit if traction grows! 🙌
Eric Nix
Minetta Gould understood, but if the DNS relay servers and IPv4 addresses allow DNSSEC, it seems like a simple thing to allow DNSSEC over the DoH server? Maybe I'm missing the complexity here, but it seems like a very simple thing to add this.