DigitalOcean home
  • Droplets
  • Spaces
  • Kubernetes
  • Tools & Integrations
  • One-click Apps
  • API Documentation
  • Community
  • Tutorials
  • Q&A
  • Projects
  • Meetups
  • Customers
  • Pricing
  • Docs
  • Support
  • DigitalOcean home
  • Products
    • Droplets

      Scalable compute services.

    • Spaces

      Simple object storage.

    • Kubernetes

      Run managed Kubernetes clusters.

    • Tools & Integrations

      Automate your infrastructure.

    • One-click Apps

      Deploy pre-built applications.

    • API Documentation
  • Customers
  • Community
    • Community Overview

      Connect, share and learn

    • Tutorials

      DevOps and development guides

    • Questions & Answers

      Development and systems Q&A

    • Projects

      Community-built integrations

    Get Involved
    Write for DOnations
    Join us at a Meetup
    Featured Post
    An Introduction to Kubernetes

    by Justin Ellingwood

  • Pricing
  • Docs
  • Support
    • Documentation

    • Contact Support

    • Network Status

  • Home /
  • DO-I-570 /
  • New idea
239 Vote

Add DNS CAA support to the DNS manager

I would like to see an implemention to support DNS CAA in DOs DNS controllpanel.

DNS Certification Authority Authorization (CAA) uses the Internet's Domain Name System to specify which certificate authorities may be regarded as authoritative for a domain. This is intended to support additional cross-checking at the client end of TLS connections to attempt to prevent certificates issued by CAs other than the specified CAs from being used to spoof the identity of websites or perform man-in-the-middle attacks on them.

If we would run a certain CA on our websites, we can specify that in our DNS settings and the security is enhanced for our website when it comes to possible MitM.

Thanks!

  • Tobias Lindberg
  • Sep 11 2018
  • Shipped
DigitalOcean General
  • Sep 11, 2018

    Admin response

    Hello everybody, First, I would like to thank you for your patience and for bringing this request to us. Today we updated our DNS panel and API to allow the creation of CAA records, and our DNS infrastructure will reply to CAA queries. We created a tutorial with instructions on how to create and manage CAA records: https://www.digitalocean.com/community/tutorials/how-to-create-and-manage-caa-records-using-digitalocean-dns You can also create CAA records using the API. The command below will create a CAA record allowing Let's Encrypt to create certs for the domain "mydomain.com": curl -X POST -d '{"type":"CAA","name":"@","data":"letsencrypt.org.","priority":null,"port":null,"ttl":1800,"flags":0,"tag":"issue"}' -H "Content-Type: application/json" -H "Authorization: Bearer $DIGITALOCEAN_TOKEN" https://api.digitalocean.com/v2/domains/mydomain.com/records We will still make a few adjustments, and more documentation will be updated in the next few weeks, but today's update should be enough to get you started. If you have more suggestions, please send them through UserVoice, we do listen to your feedback. Thanks a lot
  • Comments (65)
  • Votes (239)
  • Attach files
  • Guest commented
    11 Sep, 2018 04:10pm

    That's and interesting suggestion, thanks.

    ×

    Attachments Open full size

  • Guest commented
    11 Sep, 2018 04:10pm

    I second this motion.

    ×

    Attachments Open full size

  • Guest commented
    11 Sep, 2018 04:10pm

    I would vote if I had votes left. This is a good one.

    ×

    Attachments Open full size

  • Guest commented
    11 Sep, 2018 04:10pm

    I just ran a test at https://www.ssllabs.com/ssltest/analyze.html everything came back great except CAA record missing. Went to add it on digital ocean networking tab... No option to add it.

    This would be a good addition

    ×

    Attachments Open full size

  • Guest commented
    11 Sep, 2018 04:10pm

    Like to see this also

    ×

    Attachments Open full size

  • Guest commented
    11 Sep, 2018 04:10pm

    +1

    ×

    Attachments Open full size

  • Guest commented
    11 Sep, 2018 04:10pm

    Yes we would like this feature implemented please!

    ×

    Attachments Open full size

  • Guest commented
    11 Sep, 2018 04:10pm

    Yes, please.

    ×

    Attachments Open full size

  • Guest commented
    11 Sep, 2018 04:10pm

    +1
    I and my clients to need.
    in future SSL come to all website in internet

    ×

    Attachments Open full size

  • Guest commented
    11 Sep, 2018 04:10pm

    +1 I want my A+ back and CAA seem like a sensible feature. :-)

    ×

    Attachments Open full size

  • Guest commented
    11 Sep, 2018 04:10pm

    +1
    Please YES !

    ×

    Attachments Open full size

  • Guest commented
    11 Sep, 2018 04:10pm

    +1

    ×

    Attachments Open full size

  • Guest commented
    11 Sep, 2018 04:10pm

    +1

    ×

    Attachments Open full size

  • Guest commented
    11 Sep, 2018 04:10pm

    +1

    ×

    Attachments Open full size

  • Guest commented
    11 Sep, 2018 04:10pm

    +1

    ×

    Attachments Open full size

  • Guest commented
    11 Sep, 2018 04:10pm

    FIRE! +1

    ×

    Attachments Open full size

  • Guest commented
    11 Sep, 2018 04:10pm

    God yes. This needs to happen a month ago.

    ×

    Attachments Open full size

  • Guest commented
    11 Sep, 2018 04:10pm

    +1

    ×

    Attachments Open full size

  • Guest commented
    11 Sep, 2018 04:10pm

    I use Digital Ocean because they are often ahead of the curve. This missing feature is not in keeping with that general philosophy

    ×

    Attachments Open full size

  • Guest commented
    11 Sep, 2018 04:10pm

    Admin really hear us ?

    ×

    Attachments Open full size

  • Load older comments
  • +139
Log in / Sign up

Identify yourself with your email address

Subscribe

You won't be notified about changes to this idea.

Related ideas

DigitalOcean home

© 2018 DigitalOcean, LLC. All rights reserved.
Proudly made in NY

  • Twitter
  • Facebook
  • Instagram
  • YouTube
  • LinkedIn
  • Glassdoor
Company
About
Leadership
Blog
Careers
Partner Network
Referral Program
Events
Press
Legal & Security
Products
Droplets
Spaces
Kubernetes
Tools & Integrations
One-click Apps
API
Pricing
Documentation
Release Notes
Community
Tutorials
Meetups
Q&A
Write for DOnations
Droplets for Demos
Hatch
Shop Swag
Research Program
Currents Research
Open Source
Support
Contact Support
FAQ
Network Status