DNS: Support CAA resource type

It would be awesome if we could specify the CAA resource type (Note: It's not just a TXT alias).
More information here: https://tools.ietf.org/html/rfc6844
and here: https://blog.qualys.com/ssllabs/2017/03/13/caa-mandated-by-cabrowser-forum

Comments

  • RomanRoman Moderator
    Hi Florian,

    Thank you for great suggestion. However, could you please provide a practical adaptation of this feature? How would you use it?
  • Sorry for the late response.

    In general it is used for specifying the CA of a certificate used on SSL websites. Modern SSL validators (i.e. https://dev.ssllabs.com/ssltest/) will look for CAA records. Especially with Let's Encrypt it became extremely easy to host SSL websites nowadays.

    There is an example here for BIND: https://community.letsencrypt.org/t/caa-setup-for-lets-encrypt/9893/17

    It is not very urgent or important, but since almost all DNS types are supported by time4vps, I thought I'd mention it here. I don't know how hard it would be to get it working.

Sign In or Register to comment.