Provided is a method of digitally securing a digital object from a first user in a first domain to a second user in a second domain using a DNS provider. The method includes accessing, at a client device of the first user, a client-side local policy, wherein the local policy comprises one or more zones managed by one or more DNS providers and secured by DANE using DNSSEC; constructing a DNS query for a cryptographic credential for the second user based, at least in part, on a zone of the one or more zones in the local policy; providing a request for the cryptographic credential for the second user; obtaining the cryptographic credential for the second user from a DNS provider of the one or more DNS providers; digitally securing the digital object using the cryptographic credential; and providing the digital object to the second user.