Secure DNS Hosting

Because we are a critical component of your DNS, domains, and SSL certificates, we take your security seriously. The following describes how we handle security and provides a way to get in touch with us about security-specific issues. By reporting those issues, you help us continue to be the best DNS hosting option available.

Reporting Security Issues

Send urgent or sensitive reports directly to security@dnsimple.com, and use our public key to keep your messages safe. We’ll get back to you as soon as possible, usually within 24 hours. Please provide us with a secure way to respond. If you haven't heard from us in 24 hours, follow up or ping us on Twitter. For requests that aren’t urgent or sensitive: submit a support request.

Tracking and Disclosing Security Issues

If you're interested in executing tests against our systems for your security research, please use our sandbox system rather than our production systems. The sandbox system is running the same web application as production but does not involve production data. You can activate your account on the sandbox system using the credit card number "1" along with a correct expiration date and a CVV code of "111".

We work with security researchers to keep up with state-of-the-art web security. If you've discovered a web security flaw that might impact our products, please let us know. Here’s what happens when you submit a report:

Credit

The following members of the Internet community have responsibly contributed to the identification and closure of security issues in DNSimple:

DNSimple Security Overview

All credit card transactions are processed using secure encryption. Card information is transmitted, stored, and processed securely on a PCI-compliant network. We currently use Chargify and Stripe for processing all one-time and recurring payments. More information about Chargify's PCI compliance may be found on the Chargify site. More information about Stripe's PCI compliance may be found on the Stripe site.

All servers have rigid access control and only provide access to the services that are required on that server. We regularly update our infrastructure to incorporate patches and updates.

All data is backed up on a regular basis to off-site backups.

Account passwords are stored with one-way encryption so even we do not have access to them.

We provide two-factor authentication for user accounts using a time-based one-time password algorithm. You can enable two-factor authentication from your user page.