Sergey , it is clear a part of your customers do want this option regarding of you see the advantage or not. i do not see the advantage but i see my discount , so give us a break and help is lower our cost! registrars who offer discount for this do actually see the advantage of it otherwise they would not offer de discount. it is clear they want it implemented in as many domains as possible.
who is parallels to argue with this?
you claim there are more important issues that are coming first.
i would say hire more people or work faster , you can afford it.
implement dnssec in the next upgrade or make a extension for it available.

Also would love it!

Messrs Estidamados
Without DNSSEC upgrade Plesk are exposed to this

Recently vulnerabilities in the DNS were discovered that allow an attacker to hijack this process of looking some one up or looking a site up on the Internet using their name. The purpose of the attack is to take control of the session to, for example, send the user to the hijacker's own deceptive web site for account and password collection.

These vulnerabilities have increased interest in introducing a technology called DNS Security Extensions (DNSSEC) to secure this part of the Internet's infrastructure.

https://www.icann.org/resources/pages/dnssec-qaa-2014-01-29-es

Let's make it simple: we are running hundreds of servers and VPSes - and our decision which Panel we promote has more and more a tendency to DirectAdmin, as they provide features like DNSSEC or mod_ruid2 - exactly what our clients here in NL are asking for.
The DNSSEC feature in DirectAdmin is flagged as Beta, as it can be used currently on admin level only - but it works exactly as it should.
For Plesk 12 you can also order a DNSSEC extension for 5 Dollar per month from Admin-Ahead. Works too - but I expect this to be a core feature of a modern Panel, not an expensive add-on from a 3rd party....

Let me state it like this: not offering it to our customers in 2014 makes us look like retarded morons that are years behind, don't understand their business (aka incompetent) or simply don't care about security. Esp. with over 35% of the .nl domains already taking security of their customers seriously - which we can't with plesk. Not without hosting the DNS on another system and plesk was actually purchased to make administration easier - not to increase the burden having to work around it.

Not offering it in 2015 means switching to another product or loosing customers. We won't go with the latter.

The only security measure that plesk added over the last 5 years or so that made me happy was the mail limit in 12. If you'd provide mod_ruid2 or mpm-itk that would make me even happier, because that would address some *friggin' serious* security issues (yes possibly adding some but so far I've not seen exploits against it) - even alleviating many of the needs which made you add the mail limit in the first place. So there's much to be said about the order in which you address security issues to begin with.

If you want statistics I'll take a wild guess, like most statistics companies do anyways. Most die-hard admins are too busy. Most we-don't-want to-learn-or-read-a-manual-and-be-an-admin-that's-why-we-need-plesk users come to your conferences. Since they're apparently not educated enough to know how to press update in wordpress forcing you into writing some module around it, which is bound to only give issues at some point or actually delay updates instead of making them faster, or just pisses of customers when their custom modules fall over - is probably a very clear indication of how much of the security matters they can actually comprehend - let be estimate their true value. Maybe you'd want to take a look at these estimates and see how far they actually match up.

But to be blunt, the amount of scripting/adjusting I need to do plesk currently nearly validates writing my own panel so my less linux savvy colleagues can create webspace too - which was the largest reason for purchase anyways. Over 90% of the stuff we don't use. We create webspace, ftp users, databases and on the odd occasion our customer doesn't run their own mailserver perhaps some mailboxes. All the site designing stuff, package installers, etc. - out of a mere ~550 domains - *0* users. ZERO.

Want to know about the amount of users I can explain linux permissions over and over and over again because there's no mod_ruid2/mpm-itk? I don't think you really want to go there - if you did it would have been implemented 3 years ago *at least*. Heck, you'd probably would have written your own a decade ago.

Hi, every one should know that 70% of all i-net traffic is spam, every good admin has to do many setup up at his server/s to get it secure and his customers secure and protected for spam /hacks if an admin has no clue what he is doing it took only some days to get his server hacked, i hear it every day of hacked root servers due to a panel is not secure enough. In germany all domains have a DNSSEC enabled since 2010 managed by denic.de so all german domains could be changed to DNSSEC but to do it manually it's again many reading and testing, this cost men power and time. DNSSEC would stop most of all spam and DNS spoofing, last year Google was attacked in Europe with 40 giga bytes per second over DNS spoofing so it is a real problem, Google can handle it but not every Company has the money, equipment and men power to handle this and it could every day hit a other company. So DNSSEC would be a very very very big security upgrade and i guess when a company would be the number one the market, then is no reason to waist time. I don't who is going to your meetings or who talk to you, but from my point they didn't know what they talking about.

Cheers
Marcus

it seems they only listen to you when you tell it on a summit.
all the other thousands of people who have more important things to do are not heard.
i guess they also told on the summit that a facebook like button and a wordpress admin was more important. because you can not update directly in wordpress or we just want to be blund and update wordpress without permission from our customers
as long are people arguing if it is essential or not plesk should implement it and the people who think it is not a big deal can dig in the favorite config file to disable it.
both parties happy.

For me is amazing how parallels wastes time coding a wordpress admin on PLESK 12, but not implementing DNSSEC.

To use the new upcoming standard for secure mail transport "DANE", DNSSEC is essential!

You can use

https://github.com/TamerRizk/autodnssec

to automate management of DNSSEC with support for Plesk events, TLSA records and SPF.

Hi Sergey,

I'm surprised at Paralells' attitude towards DNSSEC. Exactly the same attitude was shown by the industry towards IPv6 - "It's no big deal". Yeah, until it's too late and IPv4 runs out...

Sean

2 Daniël Drenth

We have asked this question on Plesk special interest session in Parallels Summit 2014 and World Hosting Day 2014. In both cases everyone said that there are much-much more important things (including security things) to do in Plesk than DNSSEC. Many people said that if they had a need to hack, there are much easier ways for that. We also consulted with one of major domain registration companies in Europe (offering DNSSEC) and they also said it is not big deal.

We spotted no support to this idea at both conferences.

Sergey,

We are a few months later, the state Plesk in the case at this time. And what have been the reactions to Parallels Summit 2014?

Dear Sergey

I Agree with Daniël Drenth.
We pay top dollar for the Plesk Panel and a future like dnssec should be seen in Plesk first before the cheaper concurrent.
I think Parallels is very negligent in this issue and it is a shame that customers need to beg for a future what should be already there.

Dear Sergey,

I still feel that Plesk DNSSEC does not look like a serious security . This is mainly due to the question of whether we can deliver that DNSSEC makes the difference . Examples
As already answered by me , I have already passed three cases in which this is definitely the case . It is also indicated that much more efforts are expected to intercept DNS traffic and influence .

Case 1 : http://www.theregister.co.uk/2009/04/22/bandesco_cache_poisoning_attack/
Case 2 : http://blog.fox-it.com/2013/08/05/dns-takeover-redirects-thousands-of-websites-to-malware/
Case 3 : http://thehackernews.com/2014/02/hackers-exploiting-router.html

Also, the competitors Plesk example DirectAdmin already far they have released a beta version of support for DNSSEC http://www.directadmin.com/features.php?id=1525 .

Since January 1, 2014 , new TLD even required by the Registrar Accreditation Agreement for DNSSEC to offer . Most TLD at this time even completely finished with the implementation. Where NL TLD was ready in 2012 and at present is already 25 % of all NL domains DNSSEC validated .

I am very disappointed with how Plesk presents itself.

Dear Thomas,

The point of the "$1" question wasn't to measure revenue, but to help you communicate to us potential value of the DNSSEC function to Plesk users. Unfortunately we haven't heard much in response so far.

At this point we know about very subtle evidence of possible threat and we know about discount in some EU TLDs. It doesn't help us understand what kind of value we can offer with this function. As for "prove care for security" - we deliver security improvements each release and we have a number of possible candidates for better security. At least some of them seem to be higher priority than DNSSEC. We still hope to see interesting information here.

In about a week, there will be Parallels Summit 2014 where we will meet international customers and ask them about DNSSEC among other topics (including additional security). Perhaps we will know something interesting from there.

Sergey, using DNSSEC is not a discussion about revenues but simply a need to make DNS a secure protocol. Although DNS spoofing might be "a very unlikely kind of threat" nowadays, it will certainly be an issue in the future. Who did used IMAPS/POP3S/HTTPS 10 years ago? Very few compared to today. But does they make sense? Sure.

I don't think people are willing to pay for DNSSEC, but one day they will see it as an evidence. It's an opportunity for Parallels to prove they understand that security as a top priority for their customers.

For small list serving mail servers where there is less technical expertise/time available for the hostmaster, this tool / facility would help with the acceptance of email information. It is a continual battle for passing validated list information to ones client nowadays. We need all the latest tools. I appreciate that you are concerned with the speed issue but an on/off switch to allow those systems to use it if required would be very helpful.

Thanks to everyone who shared information. We much appreciate it and we can see your disappointment for unavailability of DNSSEC. However we cannot see yet practical advantage of DNSSEC and we are much interested in any available examples of damage caused by DNS spoofing or stats for DNS spoofing attempts. So far it looks like protection from a very unlikely kind of threat and the only practical advantage would be registrar's discount for DNSSEC support.

Just for the purpose of driving discussion closer to practical value - lets assume someone gives you DNSSEC support for +$1/month per domain. Does it worth it? Could you explain your opinion?

Same for the .eu, .cz, ch, .se, .be TLD's which implemented DNSSEC in 2010. We asked Parallels to integrate this as a Plesk feature in 2010 (http://forum.parallels.com/showthread.php?99001-is-there-a-roadmap-for-dnssec-in-plesk). It's quite frustrating that for another 4 (!) years Parallels hasn't picked up this, as it is practically impossible for Plesk Hosters to implement this if Plesk is not supporting it.

We would like a feature that allows to enable DNSSEC for a domain, which automatically generates and renews the keys. Let's hope that Parallels is taking security seriously enough to implement this soon.