Security makes us the best DNS hosting choice

At DNSimple we believe that security is essential for your DNS, domains and SSL certificates. To that end, we have put together this page as your entry point for understanding how we handle security at DNSimple. We also provide a way to get in touch with us for security-specific issues. Thanks for helping us be the best DNS hosting option available.

Reporting Security Issues

Send urgent or sensitive reports directly to security@dnsimple.com. Use our public key to keep your message safe and please provide us with a secure way to respond. We’ll get back to you as soon as we can, usually within 24 hours. Please follow up or ping us on Twitter if you don’t hear back. For requests that aren’t urgent or sensitive: submit a support request.

Tracking and Disclosing Security Issues

If you want to run tests against our systems for your security research, please use our sandbox system rather than our production systems. The sandbox system runs the same web application as production but does not involve production data. You can activate your account on the sandbox system using the credit card number "1" along with a correct expiration date and a CVV code of "111".

We work with security researchers to keep up with the state-of-the-art in web security. Have you discovered a web security flaw that might impact our products? Please let us know. If you submit a report, here’s what will happen:

Credit

The following members of the Internet community have contributed to the identification and closure of security issues in DNSimple in a responsible fashion:

DNSimple Security Overview

All credit card transactions are processed using secure encryption. Card information is transmitted, stored, and processed securely on a PCI-compliant network. We currently use Chargify and Stripe for processing all one-time and recurring payments. More information about Chargify's PCI compliance may be found on the Chargify site. More information about Stripe's PCI compliance may be found on the Stripe site.

All servers have rigid access control and only provide access to the services that are required on that server. We regularly update our infrastructure to incorporate patches and updates.

All data is backed up on a regular basis to off-site backups.

Account passwords are stored with one-way encryption so even we do not have access to them.

We provide two-factor authentication for user accounts using a time-based one-time password algorithm. You can enable two-factor authentication from your user page.