Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

add CAA type #688

Closed
Habbie opened this issue Apr 26, 2013 · 9 comments
Closed

add CAA type #688

Habbie opened this issue Apr 26, 2013 · 9 comments
Labels
auth enhancement

Comments

@Habbie
Copy link
Member

Habbie commented Apr 26, 2013

RFC6844
@ghost ghost assigned Habbie Apr 26, 2013
@RouL
Copy link

RouL commented Nov 23, 2015

I was just looking for this and it seems like this ticket is around since 2013 already and nothing has changed. I hope by bumping this up I can bring some more attention to this and maybe it can make it int the next version or so. ;)

@Habbie
Copy link
Member Author

Habbie commented Nov 23, 2015

Hello,

due to an earlier oversight it is close to impossible to do this for the 3.* versions of PowerDNS (because we used the CAA RRtype number, 257, internally for other purposes). I'll make sure to correct that for 4.0.0 at least, and then we can implement it.

If you want, you can try your hand at adding it yourself - instructions here! http://blog.powerdns.com/2012/11/30/adding-new-dns-record-types-to-powerdns-software/

@Habbie Habbie added this to the auth-4.0.0 milestone Nov 23, 2015
@Habbie
Copy link
Member Author

Habbie commented Nov 23, 2015

(I checked, we no longer have that bogus internal type in the 4.0.0 dev stuff)

@RouL
Copy link

RouL commented Nov 23, 2015

Thank you for the quick answer. Sounds great, even if it won't make it into v3.x anymore.
I will look forward to this.

@Habbie Habbie removed this from the auth-4.0.0 milestone Nov 23, 2015
@Habbie Habbie removed the defect label Nov 23, 2015
@Habbie Habbie added this to the auth-4.1.0 milestone Dec 15, 2015
@jsha
Copy link

jsha commented Feb 1, 2016

Hi! I wanted to voice my support for CAA support in PowerDNS, and provide some background info: The Let's Encrypt free and automated certificate authority, which launched in December, requires a successful CAA check in order to issue certificates. We've been getting some reports from users that they are unable to get certificates because their hosting provider uses PowerDNS, which they say times out on receiving a CAA query. So, I hope this ticket makes it into the auth-4.1.0 milestone. It would make a big difference for a number of people who want to get free TLS certificates.

Thanks,
Jacob

@Habbie
Copy link
Member Author

Habbie commented Feb 1, 2016

To be clear, the requirement is "give a correct DNS response", not "have a CAA record that explicitly allows letsencrypt to issue a cert"?

@jsha
Copy link

jsha commented Feb 2, 2016

That's correct. Obviously it would be nice to allow configurability, but the main thing we care about is getting a well-formed response rather than a timeout.

@Habbie
Copy link
Member Author

Habbie commented Feb 2, 2016

Can you please file a separate ticket to track the timeout issue, assuming you've actually observed it with PowerDNS? We have had no direct reports of it and I do not want to confuse it with this ticket. Thanks!

@Habbie
Copy link
Member Author

Habbie commented Feb 4, 2016

Also, can interested parties please review and test #3173? Thank you!

@Habbie Habbie mentioned this issue Feb 5, 2016
Open
@ahupowerdns ahupowerdns modified the milestone: auth-4.1.0 Feb 23, 2017
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
auth enhancement
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@jsha @RouL @Habbie @pieterlexis @ahupowerdns