TLSA / DANE support in DNS Management

Arjandj (New member, joined May 29, 2015, 3 messages)

Dear sir/madam,
I would welcome support for TLSA / DANE in the DNS Management of DirectAdmin. It makes it possible to add a signature of the website's public key in a TLSA DNS record and, when used in combination with DNSSEC, prevents man-in-the-middle attacks with rogue certificates.

Adding basic TLSA support is as easy as adding the possibility to add a TLSA type record. It would be great if this functionality could be added within a short time period. Users then still need to use a TLSA record generator like https://www.huque.com/bin/gen_tlsa or https://ssl-tools.net/tlsa-generator to generate the records. Maybe at a later stage, the creation of the record could be automated, based on the installed SSL certificate of the website.

Please see the following websites for further details about TLSA / DANE:
http://en.wikipedia.org/wiki/DNS-based_Authentication_of_Named_Entities
http://tools.ietf.org/html/rfc6394
http://tools.ietf.org/html/rfc6698
http://tools.ietf.org/html/rfc7218

Best regards,
Arjan
 
+1 for me. The first competitors are already offering TLSA records in DNS management and we shouldn't fall behind.
 
Any updates from the Direct Admin developers on whether this feature request will be honored?
 
+1

Could it hook in with the Let's Encrypt script as well, so that when you get a new LE cert it updates the TLSA record?
 
Now it is added in DA.

Will 3 1 1 TLSA work with auto-renewal of Let's Encrypt?
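
An added example, not part of the original posts and not DirectAdmin code: a `3 1 1` record is the SHA-256 of the certificate's SubjectPublicKeyInfo, so it stays valid across a renewal only when the renewal keeps the same key pair. The `der` and `sample_cert` helpers, the key bytes and `example.com` are constructed sample data, not real certificates.

```python
import hashlib

def tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                          # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def spki(cert_der):
    """Return the whole SubjectPublicKeyInfo element of a DER certificate."""
    _, pos, _ = tlv(cert_der, 0)               # Certificate SEQUENCE
    _, pos, _ = tlv(cert_der, pos)             # TBSCertificate SEQUENCE
    tag, _, end = tlv(cert_der, pos)
    if tag == 0xA0:                            # optional [0] version
        pos = end
    for _ in range(5):                         # serial, sigAlg, issuer, validity, subject
        _, _, pos = tlv(cert_der, pos)
    return cert_der[pos:tlv(cert_der, pos)[2]]

def tlsa_311(cert_der, host, port=443):
    """Usage 3 (DANE-EE), selector 1 (SPKI), matching type 1 (SHA-256)."""
    digest = hashlib.sha256(spki(cert_der)).hexdigest()
    return f"_{port}._tcp.{host}. IN TLSA 3 1 1 {digest}"

# --- Constructed sample data: DER skeletons, not real certificates ---
def der(tag, body):
    n = len(body)
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    head = bytes([n]) if n < 0x80 else bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + head + body

def sample_cert(serial, key_bytes):
    alg = der(0x30, der(0x06, b"\x2a\x86\x48\x86\xf7\x0d\x01\x01\x0b") + der(0x05, b""))
    key = der(0x30, alg + der(0x03, b"\x00" + key_bytes))   # SubjectPublicKeyInfo
    name = der(0x30, b"")
    validity = der(0x30, der(0x17, b"250101000000Z") * 2)
    tbs = der(0x30, der(0xA0, der(0x02, b"\x02")) + der(0x02, bytes([serial]))
              + alg + name + validity + name + key)
    return der(0x30, tbs + alg + der(0x03, b"\x00" + b"\x5a" * 64))

KEY_A, KEY_B = b"\x11" * 270, b"\x22" * 270
issued = sample_cert(1, KEY_A)
renewed_same_key = sample_cert(2, KEY_A)     # renewal that reuses the key pair
renewed_new_key = sample_cert(3, KEY_B)      # renewal that generates a new key

for cert in (issued, renewed_same_key, renewed_new_key):
    print(tlsa_311(cert, "example.com"))
```

For a real certificate, convert the PEM file to DER first (for example with `ssl.PEM_cert_to_DER_cert`) and pass the bytes to `tlsa_311`.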
 
Dane

It would be great if Let's Encrypt were automatically linked as well, of course.

And that there will be a good manual for setting it up.
 
@DirectAdmin Support please add TLSA / DANE support to Exim.
Exim 4.89 does support it, and it is needed.

TLSA / DANE to the website only is not secure enough.
 