Skip to content
/ dns Public

Production DNS configuration

Notifications You must be signed in to change notification settings

miraheze/dns

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Miraheze DNS Production Configuration

All changes pushed to this repository are automatically deployed to nameservers by puppet. However, syntax is checked for changes to go live, so please be aware when pushing changes.

CAA Records

From September 2017, CAA records will be mandatory for CAs.

A CAA record is a DNS record which allows DNS admins to authorize CAs to issue SSL certificates for certain domains. This decreases the chance of phishing through fake issuance of SSL certificates from genuine CAs. Furthermore, this allows Miraheze to more realistically control which CAs are allowed onto our platform.

Unfortunately due to a lack of upstream implementation, CAA records have to be defined using TYPE257 instead of the more appealing CAA.

To allow a CA to issue a certificate, check the box at SSLMate CAA Generator and use "Legacy Zone File" value.

All CAA definitions should end with a location to email violations too which can be done as: TYPE257 # 36 0005696F6465666D61696C746F3A636161706F6C6963794077696B69746964652E6F7267