[Pdns-users] Standardized DNS Record Types Not Supported by PowerDNS

bert hubert bert.hubert at netherlabs.nl
Mon Mar 9 07:42:16 UTC 2015


> Sounds like the "Supported Record Types" page needs updating to add KX and IPSECKEY.

Patches are welcome. It is very easy to update our Markdown documentation these days. https://github.com/PowerDNS/pdns/blob/master/docs/markdown/types.md and press the edit (pencil) icon.

> Too bad about DNAME. I'd try to submit a patch but I'm a little too busy with what I'm doing right now to take the time to learn about PDNS's codebase.

DNAME is actually available, "experimental-dname-processing" makes that happen.

> TLSA does *not* supersede CAA—they work together. TLSA says "here is the valid public key for this host," and the client can reject any certs created with other public keys. CAA says "here is the valid certificate authority for this host," and the client can reject any certs signed by any other certificate authority. TLSA *does* increase security significantly on its own, but adding CAA makes it even more secure.

If you have a CAA record and can point to a client that verifies it, we could look into it. It is very hard to implement things where we have to hunt for a client first.

	Bert





