All changes pushed to this repository are automatically deployed to nameservers by puppet. However, syntax is checked for changes to go live, so please be aware when pushing changes.
From September 2017, CAA records will be mandatory for CAs.
A CAA record is a DNS record which allows DNS admins to authorize CAs to issue SSL certificates for certain domains. This decreases the chance of phishing through fake issuance of SSL certificates from genuine CAs. Furthermore, this allows Miraheze to more realistically control which CAs are allowed onto our platform.
Unfortunately due to a lack of upstream implementation, CAA records have to be defined using TYPE257 instead of the more appealing CAA.
To allow a CA to issue a certificate, check the box at SSLMate CAA Generator and use "Legacy Zone File" value.
All CAA definitions should end with a location to email violations too which can be done as: TYPE257 # 36 0005696F6465666D61696C746F3A636161706F6C6963794077696B69746964652E6F7267