CAA Mandated by CA/Browser Forum

candrews · Post by **candrews** » Fri May 26, 2017 9:10 am

Since CAA is now mandated by the CA/Browser Forum, can you please add support for it to the primary DNS configuration interface?

https://blog.qualys.com/ssllabs/2017/03 ... wser-forum

Post by **Seth** » Tue May 30, 2017 3:38 pm

We have to upgrade all of the background PowerDNS infrastructure before we can add support for CAA records since the version we're currently running doesn't understand it. I don't have an ETA for this, but it's in the queue.

dstutz · Post by **dstutz** » Mon Jun 26, 2017 7:42 am

Just wanted to say I'm interested in this feature as well. Thanks guys!

Also, are you aware the forums are using a staging LE cert?

Post by **Seth** » Mon Jun 26, 2017 7:48 am

We're not redirecting HTTP into HTTPS yet, it's just for testing.

Post by **Seth** » Thu Jun 29, 2017 12:39 pm

Seth wrote: ↑
Mon Jun 26, 2017 7:48 am
We're not redirecting HTTP into HTTPS yet, it's just for testing.

OK, everything should be all settled now. The redirect to HTTPS is in place and the certs are non-staging.

candrews · Post by **candrews** » Mon Sep 25, 2017 12:18 pm

Seth wrote: ↑
Tue May 30, 2017 3:38 pm
We have to upgrade all of the background PowerDNS infrastructure before we can add support for CAA records since the version we're currently running doesn't understand it. I don't have an ETA for this, but it's in the queue.

Do you have any update as to when CAA records may be available?

Thanks again!

Post by **Seth** » Mon Oct 02, 2017 2:51 pm

I don't have a timeframe. I'm still working on slowly stepping through upgrades to PowerDNS to ensure nothing breaks horribly when I have to make major schema changes.

candrews · Post by **candrews** » Fri Feb 23, 2018 10:40 am

Sorry to be annoying, but I couldn't resist the urge to bump this request again

candrews · Post by **candrews** » Mon Apr 02, 2018 9:36 am

I'm cordially requesting any news on this topic.

Thanks again!

Post by **Seth** » Wed Apr 11, 2018 8:32 am

Still working on the upgrades to PowerDNS. When we first started using it they didn't have an API so we ended up having to do some command line output parsing to implement the DNSSEC features, which is totally not ideal (and I wouldn't have done it if there was another way) because any output formatting changes can break those kind of parsers.

I may just end up doing the best I can with looking for changes and expect some bug reports to come in that require fixing. Obviously I want to make sure that the actual serving of domain data doesn't break and any bug is limited to trying to make a change in the control center.

candrews · Post by **candrews** » Thu Feb 14, 2019 8:08 am

Do you have an update on this topic?

Thanks!

Post by **Seth** » Sun Feb 24, 2019 10:21 am

I'm working on the last round of backend updates today before we progress to the next update that will add new record types.

candrews · Post by **candrews** » Mon Jul 22, 2019 11:43 am

Do you have an update on this topic?

Thanks!

Post by **Seth** » Mon Jul 22, 2019 11:46 am

Not yet.

candrews · Post by **candrews** » Fri Jan 31, 2020 8:46 pm

Do you have an update on this topic?

Thanks!

Roller Network

CAA Mandated by CA/Browser Forum

CAA Mandated by CA/Browser Forum

Re: CAA Mandated by CA/Browser Forum

Re: CAA Mandated by CA/Browser Forum

Re: CAA Mandated by CA/Browser Forum

Re: CAA Mandated by CA/Browser Forum

Re: CAA Mandated by CA/Browser Forum

Re: CAA Mandated by CA/Browser Forum

Re: CAA Mandated by CA/Browser Forum

Re: CAA Mandated by CA/Browser Forum

Re: CAA Mandated by CA/Browser Forum

Re: CAA Mandated by CA/Browser Forum

Re: CAA Mandated by CA/Browser Forum

Re: CAA Mandated by CA/Browser Forum

Re: CAA Mandated by CA/Browser Forum

Re: CAA Mandated by CA/Browser Forum