By:

digitalocean.jj05

[Feature request] CAA DNS record (Certification Authority Authorization)

January 23, 2017 2.5k

DNS Security

Would it be possible to support the CAA DNS record?

https://support.dnsimple.com/articles/caa-record/
https://blog.dnsimple.com/2017/01/introducing-caa-records/
https://en.wikipedia.org/wiki/DNS_Certification_Authority_Authorization
https://tools.ietf.org/html/rfc6844

This currently shows up as a notice if missing when doing Qualy's SSL Server Test.

1 comment

SpartanK January 24, 2017
I just ran a test at https://www.ssllabs.com/ssltest/analyze.html everything came back great except CAA record missing. Went to add it on digital ocean networking tab... No option to add it.

This would be a good addition

Log In to Comment

3 Answers

jtittle1 January 24, 2017

Accepted Answer

You may want to submit this to the feedback channel:

https://digitalocean.uservoice.com/forums/136585-digitalocean

They check it frequently, so that'd definitely be where I'd get that posted.

digitalocean.jj05 January 24, 2017

There's already a feature request here:
https://digitalocean.uservoice.com/forums/136585-digitalocean/suggestions/17738347-add-dns-caa-support-to-the-dns-manager

kamaln7 MOD October 5, 2017

Hi @digitalocean.jj05 & @SpartanK,

I'm happy to say that DigitalOcean DNS now supports CAA records!

https://www.digitalocean.com/community/tutorials/how-to-create-and-manage-caa-records-using-digitalocean-dns

How To Create and Manage CAA Records Using DigitalOcean DNS

Certificate Authority Authorization (CAA) is a standard designed to prevent bad actors from creating unauthorized SSL/TLS certificates. CAA records allow domain owners to specify which Certificate Authorities (CAs) are permitted to issue certificates. In this tutorial we'll show how to add the three standard CAA resource record types.

Have another answer? Share your knowledge.