-
Notifications
You must be signed in to change notification settings - Fork 907
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
add CAA type #688
Comments
I was just looking for this and it seems like this ticket is around since 2013 already and nothing has changed. I hope by bumping this up I can bring some more attention to this and maybe it can make it int the next version or so. ;) |
Hello, due to an earlier oversight it is close to impossible to do this for the 3.* versions of PowerDNS (because we used the CAA RRtype number, 257, internally for other purposes). I'll make sure to correct that for 4.0.0 at least, and then we can implement it. If you want, you can try your hand at adding it yourself - instructions here! http://blog.powerdns.com/2012/11/30/adding-new-dns-record-types-to-powerdns-software/ |
(I checked, we no longer have that bogus internal type in the 4.0.0 dev stuff) |
Thank you for the quick answer. Sounds great, even if it won't make it into v3.x anymore. |
Hi! I wanted to voice my support for CAA support in PowerDNS, and provide some background info: The Let's Encrypt free and automated certificate authority, which launched in December, requires a successful CAA check in order to issue certificates. We've been getting some reports from users that they are unable to get certificates because their hosting provider uses PowerDNS, which they say times out on receiving a CAA query. So, I hope this ticket makes it into the auth-4.1.0 milestone. It would make a big difference for a number of people who want to get free TLS certificates. Thanks, |
To be clear, the requirement is "give a correct DNS response", not "have a CAA record that explicitly allows letsencrypt to issue a cert"? |
That's correct. Obviously it would be nice to allow configurability, but the main thing we care about is getting a well-formed response rather than a timeout. |
Can you please file a separate ticket to track the timeout issue, assuming you've actually observed it with PowerDNS? We have had no direct reports of it and I do not want to confuse it with this ticket. Thanks! |
Also, can interested parties please review and test #3173? Thank you! |
RFC6844
The text was updated successfully, but these errors were encountered: