CAA Mandated by CA/Browser Forum

Need help? Ask here.

Moderator: Moderators

Post Reply
candrews
Posts: 33
Joined: Thu Jul 24, 2008 11:50 am
Contact:

CAA Mandated by CA/Browser Forum

Post by candrews » Fri May 26, 2017 9:10 am

Since CAA is now mandated by the CA/Browser Forum, can you please add support for it to the primary DNS configuration interface?

https://blog.qualys.com/ssllabs/2017/03 ... wser-forum

Seth
Site Admin
Posts: 304
Joined: Sun Aug 30, 2009 10:44 pm
Location: Nevada
Contact:

Re: CAA Mandated by CA/Browser Forum

Post by Seth » Tue May 30, 2017 3:38 pm

We have to upgrade all of the background PowerDNS infrastructure before we can add support for CAA records since the version we're currently running doesn't understand it. I don't have an ETA for this, but it's in the queue.
Seth Mattinen, Roller Network LLC

dstutz
Posts: 20
Joined: Mon May 08, 2006 4:30 pm

Re: CAA Mandated by CA/Browser Forum

Post by dstutz » Mon Jun 26, 2017 7:42 am

Just wanted to say I'm interested in this feature as well. Thanks guys!

Also, are you aware the forums are using a staging LE cert?

Seth
Site Admin
Posts: 304
Joined: Sun Aug 30, 2009 10:44 pm
Location: Nevada
Contact:

Re: CAA Mandated by CA/Browser Forum

Post by Seth » Mon Jun 26, 2017 7:48 am

We're not redirecting HTTP into HTTPS yet, it's just for testing.
Seth Mattinen, Roller Network LLC

Seth
Site Admin
Posts: 304
Joined: Sun Aug 30, 2009 10:44 pm
Location: Nevada
Contact:

Re: CAA Mandated by CA/Browser Forum

Post by Seth » Thu Jun 29, 2017 12:39 pm

Seth wrote:
Mon Jun 26, 2017 7:48 am
We're not redirecting HTTP into HTTPS yet, it's just for testing.
OK, everything should be all settled now. The redirect to HTTPS is in place and the certs are non-staging.
Seth Mattinen, Roller Network LLC

candrews
Posts: 33
Joined: Thu Jul 24, 2008 11:50 am
Contact:

Re: CAA Mandated by CA/Browser Forum

Post by candrews » Mon Sep 25, 2017 12:18 pm

Seth wrote:
Tue May 30, 2017 3:38 pm
We have to upgrade all of the background PowerDNS infrastructure before we can add support for CAA records since the version we're currently running doesn't understand it. I don't have an ETA for this, but it's in the queue.
Do you have any update as to when CAA records may be available?

Thanks again!

Seth
Site Admin
Posts: 304
Joined: Sun Aug 30, 2009 10:44 pm
Location: Nevada
Contact:

Re: CAA Mandated by CA/Browser Forum

Post by Seth » Mon Oct 02, 2017 2:51 pm

I don't have a timeframe. I'm still working on slowly stepping through upgrades to PowerDNS to ensure nothing breaks horribly when I have to make major schema changes.
Seth Mattinen, Roller Network LLC

candrews
Posts: 33
Joined: Thu Jul 24, 2008 11:50 am
Contact:

Re: CAA Mandated by CA/Browser Forum

Post by candrews » Fri Feb 23, 2018 10:40 am

Sorry to be annoying, but I couldn't resist the urge to bump this request again :)

candrews
Posts: 33
Joined: Thu Jul 24, 2008 11:50 am
Contact:

Re: CAA Mandated by CA/Browser Forum

Post by candrews » Mon Apr 02, 2018 9:36 am

I'm cordially requesting any news on this topic.

Thanks again!

Seth
Site Admin
Posts: 304
Joined: Sun Aug 30, 2009 10:44 pm
Location: Nevada
Contact:

Re: CAA Mandated by CA/Browser Forum

Post by Seth » Wed Apr 11, 2018 8:32 am

Still working on the upgrades to PowerDNS. When we first started using it they didn't have an API so we ended up having to do some command line output parsing to implement the DNSSEC features, which is totally not ideal (and I wouldn't have done it if there was another way) because any output formatting changes can break those kind of parsers.

I may just end up doing the best I can with looking for changes and expect some bug reports to come in that require fixing. Obviously I want to make sure that the actual serving of domain data doesn't break and any bug is limited to trying to make a change in the control center.
Seth Mattinen, Roller Network LLC

Post Reply

Who is online

Users browsing this forum: No registered users and 0 guests