I suggest you ...

Add DNS CAA support to the DNS manager

I would like to see an implementation to support DNS CAA in DO's DNS control panel.

DNS Certification Authority Authorization (CAA) uses the Internet's Domain Name System to specify which certificate authorities may be regarded as authoritative for a domain. This is intended to support additional cross-checking at the client end of TLS connections to attempt to prevent certificates issued by CAs other than the specified CAs from being used to spoof the identity of websites or perform man-in-the-middle attacks on them.

If we would run a certain CA on our websites, we can specify that in our DNS settings and the security is enhanced for our website when it comes to possible MitM.

Thanks!

608 votes
    Tobias Ehlert shared this idea
    completed  ·  Rafael Rosa (Admin, DigitalOcean) responded

    Hello everybody,

    First, I would like to thank you for your patience and for bringing this request to us. Today we updated our DNS panel and API to allow the creation of CAA records, and our DNS infrastructure will reply to CAA queries. We created a tutorial with instructions on how to create and manage CAA records:

    https://www.digitalocean.com/community/tutorials/how-to-create-and-manage-caa-records-using-digitalocean-dns

    You can also create CAA records using the API. The command below will create a CAA record allowing Let’s Encrypt to create certs for the domain “mydomain.com”:

    curl -X POST -d '{"type":"CAA","name":"@","data":"letsencrypt.org.","priority":null,"port":null,"ttl":1800,"flags":0,"tag":"issue"}' -H "Content-Type: application/json" -H "Authorization: Bearer $DIGITALOCEAN_TOKEN" https://api.digitalocean.com/v2/domains/mydomain.com/records

    We will still make a few adjustments, and more documentation will be updated in the next few weeks, but today’s update should be enough to get you started. If you have more suggestions, please send them through UserVoice, we do listen to your feedback.

    Thanks a lot
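
The following is an added example, not part of the original post or of DigitalOcean's response: a sketch of how a CA evaluates a CAA record set under RFC 8659 before issuing, so you can see what a record like the one created above actually permits. The zone contents, the extra host names and the function names are constructed for illustration.

```python
# Added example: CAA evaluation (RFC 8659) over constructed records.
# ZONE is constructed sample data: owner name -> list of (flags, tag, value).
# "letsencrypt.org." keeps the trailing dot used in the API call above.
ZONE = {
    "mydomain.com": [(0, "issue", "letsencrypt.org."),
                     (0, "issuewild", ";"),
                     (0, "iodef", "mailto:security@mydomain.com")],
    "locked.mydomain.com": [(0, "issue", ";")],
    "odd.mydomain.com": [(128, "futuretag", "x")],
}
KNOWN_TAGS = {"issue", "issuewild", "iodef"}

def relevant_rrset(fqdn, zone):
    """Climb from fqdn toward the root; the first non-empty CAA set wins."""
    labels = fqdn.lower().rstrip(".").split(".")
    if labels[0] == "*":          # a wildcard request is checked at its parent
        labels = labels[1:]
    for i in range(len(labels)):
        rrset = zone.get(".".join(labels[i:]))
        if rrset:
            return rrset
    return []

def issuer_domain(value):
    """Drop parameters ("ca.example; account=1") and any trailing dot."""
    return value.split(";", 1)[0].strip().rstrip(".").lower()

def may_issue(ca, fqdn, zone=ZONE):
    """True if the CA identified by domain `ca` may issue for `fqdn`."""
    rrset = relevant_rrset(fqdn, zone)
    if not rrset:
        return True   # no CAA records anywhere on the path: no restriction
    # An unrecognized tag with the critical bit (128) set forbids issuance.
    if any(f & 128 and t.lower() not in KNOWN_TAGS for f, t, _ in rrset):
        return False
    issue = [v for _, t, v in rrset if t.lower() == "issue"]
    wild = [v for _, t, v in rrset if t.lower() == "issuewild"]
    # For wildcard names, issuewild (when present) replaces issue entirely.
    props = wild if fqdn.startswith("*.") and wild else issue
    if not props:
        return True   # only iodef or unknown non-critical tags: no restriction
    # A bare ";" yields an empty issuer domain, which matches no CA.
    return ca.lower() in {issuer_domain(v) for v in props}
```

Note that a single `issue` record at the apex also governs every subdomain that has no CAA set of its own, which is why `www.mydomain.com` is restricted to Let's Encrypt in the sample zone.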

    65 comments
