Search... ⌘ K
Get Started Contact Sales

DNSimple SuperLock

Table of Contents

Note

This article describes a feature in private beta.

Protect your domains from accidental transfers with DNSimple SuperLock.

What is SuperLock?

SuperLock is a mechanism that prevents individual users from performing destructive operations on a domain - like transferring the domain out. Without SuperLock, any user of an account effectively has admin power on any resource in the account. They could independently start a transfer out or push the domain into another DNSimple account. That means a compromised user account can damage any resource inside the account.

With SuperLock, you can protect any domain from unintentional transfers or moves to a different account.

Why SuperLock is needed

In team accounts, multiple users may have access to domains for legitimate operational needs. However, this shared access creates a security risk: if any user’s account is compromised, an attacker could transfer domains out of the account or move them to another account, potentially causing permanent loss. SuperLock adds an additional layer of protection by requiring a quorum of users to approve disabling the lock before any transfer or account move can occur. This prevents a single compromised account from causing catastrophic damage.

SuperLock protects against transfers and account moves, but it does not prevent other operations like DNS changes, contact updates, or certificate management. These operations remain available to authorized users because they are reversible and less likely to result in permanent domain loss.

Enabling SuperLock

Note

This feature is in private beta. Your account will need access granted via support@dnsimple.com.

Warning

Please read the process to disable SuperLock. Once SuperLock is enabled, you cannot disable it by yourself.

SuperLock can be enabled for any domain in your account. Once enabled, transfers and pushes are blocked for that domain until SuperLock is disabled. This feature is relevant to the security of the domain, and an email notification about this activity is sent to all users in the account.

enabling SuperLock in the settings page

Disabling SuperLock

If you want to transfer a domain that has SuperLock enabled, you’ll need to disable SuperLock before you can proceed. Disabling SuperLock requires a quorum of 2 users in the account to proceed.

The quorum requirement ensures that disabling SuperLock is a deliberate, collaborative decision rather than an action taken by a single user. This prevents accidental or malicious disabling of the protection. Both users must actively vote to disable SuperLock, which provides accountability and reduces the risk of unauthorized domain transfers.

disabling the SuperLock in the settings page

Have more questions?

If you have any questions about DNSimple SuperLock or need assistance protecting your domains, just contact support, and we’ll be happy to help.