LV registrars are currently have mass marketing champaign about DNSSEC too.

Sergey,

Sorry but my first reaction wood be: are your questions serious? We are a Parallels Partner and we expect a Plesk Panel with the best and newest security features. Why because we and our customers expect from Plesk they are on the same level.

On this moment DNSSEC is still in starting fase and on many levels it's not complete implemented. But in the Netherlands we are leader in the world, I think in basic this is because NL registrar give discount for DNSSEC domains. So a few providers implement DNSSEC complete for all domains and also use DNSSEC in their marketing. So for Plesk Partners it's not possible to get the discount and also use the marketing option.

For us as a hosting provider is the discount not important but we want to offer to our customers. Every possible security features that's on the market. Now it's not that there are many customers ask for but this will definitely make a point to be seen using other parties in their marketing. We all know that DNS is not secure and that DNSSEC is the solution, so why would we not want to implement.

For me I'd like to see DNSSEC to avoid insecure keys with DKIM which is also under review IIRC.

We are not communicating dates due to they may change later and thus would only establish false expectations. However, statuses of all requests are regularly updated and can be monitored. Once assigned for a particular release, the request will become PLANNED and then STARTED once actual development is launched.

regards
/Parallels team

Maybe it's also possible to add directly support for TLSA-records to secure SSL certs => DNSSEC => DNS

It should be easy for Plesk to generate TLSA record if SSL cert is installed and DNSSEC is enabled.

For example:

_443._tcp.www.dnssec.nl. 86191 IN TLSA 1 0 1 (
B31D370607AFFF4A27FD408EB94CB780272DA034AF2A
B7FFE4148D4D9BAD27FD )