> Sounds like the "Supported Record Types" page needs updating to add KX and > IPSECKEY.
Patches are welcome. It is very easy to update our Markdown documentation these days. https://github.com/PowerDNS/pdns/blob/master/docs/markdown/types.md and press the edit (pencil) icon. > To bad about DNAME. I'd try to submit a patch but I'm a little too busy with > what I'm doing right now to take the time to learn about PDNS's codebase. DNAME is actually available, "experimental-dname-processing” makes that happen. > TLSA does *not* supersede CAA—they work together. TLSA says "here is the > valid public key for this host," and the client can reject any certs created > with other public keys. CAA says "here is the valid certificate authority for > this host," and the client can reject any certs signed by any other > certificate authority. TLSA *does* increase security significantly on its > own, but adding CAA makes it even more secure. I you have a CAA record and can point to a client that verifies it, we could look into it. It is very hard to implement things where we have to hunt for a client first. Bert _______________________________________________ Pdns-users mailing list [email protected] http://mailman.powerdns.com/mailman/listinfo/pdns-users
