Add Support for DNSSEC (Domain Name System Security Extensions)
Please add support for DNSSEC (Domain Name System Security Extensions) to XG-Firewall.
Sophos calls the product Next Generation... but no decent IPv6, no Let's Encrypt, and even no DNSSEC? This is amazing and DNSSEC should be added immediately.
I was surprised to learn that XG doesn't have this yet. Then, I was disappointed that this request is almost two years old! I really hope your product development managers can justify adding this soon! I imagine that your sales team wouldn't mind having this box checked either.
Why is this still not a thing? I appreciate that feature requests are based on votes but Security festures should be added without users having to ask. Most people dont know they need it until its too late. This lack of modern security features is not very "next-gen"
Implementation of DNSSEC validation should be prioritized after recent DNS hijackings and repeated recommendations from ICANN to implement DNSSEC. https://www.icann.org/news/announcement-2019-02-15-en
Jason Fell commented
would love to have this feature, as I current use it for validation of DNS addresses, makes me feel a lot safer
Michael P. commented
Please add DNSSEC support to XG-firewall
Please add DNS over TLS, DNS over HTTPS, and DNSSEC to the XG series to protect against DNS spoofing and monitoring.
Trivial to implement and without this anything based on domain names (web filtering, ntp) is vulnerable.
DNSSEC should also be implemented on all Sophos sites.