Cert Authorities Check for DNSSEC from Today
21 hours ago
- #DNSSEC
- #Domain Security
- #Certificate Authorities
- Mike Cardwell has been using DNSSEC for about 14 years without issues, initially with bind9 and later with PowerDNS.
- Starting today, all Certificate Authorities (CAs) are required to validate DNSSEC for domains that have it enabled.
- CAs must validate DNSSEC when looking up CAA records for certificate issuance and during the ACME process.
- Non-compliance with DNSSEC validation by CAs is expected to be treated harshly.
- The article encourages domain owners to check if their registrar supports DNSSEC, as enabling it might be simple.