Results 1 to 19 of 19

Thread: TLSA / DANE support in DNS Management

  1. #1
    Join Date
    May 2015
    Posts
    3

    TLSA / DANE support in DNS Management

    Dear sir/madame,
    I would welcome support for TLSA / DANE in the DNS Management of Direct Admin. It makes it possible to add a signature of the website's public key in a TLSA DNS record and when used in combination with DNSSEC prevents man-in-the-middle-attacks with rogue certificates.

    Adding basic TLSA support is as easy as adding the possibility to add a TLSA type record. It would be great if this functionality could be added within a short time period. Users then still need to use a TSLA record generator like https://www.huque.com/bin/gen_tlsa or https://ssl-tools.net/tlsa-generator to generate the records. Maybe in a later stage, the creation of the record could be automated, based on the installed SSL certificate of the website.

    Please see the following websites for further details about TSLA / DANE:
    http://en.wikipedia.org/wiki/DNS-bas...Named_Entities
    http://tools.ietf.org/html/rfc6394
    http://tools.ietf.org/html/rfc6698
    http://tools.ietf.org/html/rfc7218

    Best regards,
    Arjan

  2. #2
    Join Date
    May 2015
    Posts
    3
    Anyone else who would like this functionality?

  3. #3
    Join Date
    Nov 2003
    Location
    germany
    Posts
    117
    Will be great to get this. Many german Providers will use DANE in the future.
    http://www.linuworx.de

  4. #4
    Join Date
    Feb 2007
    Posts
    194

  5. #5
    Join Date
    Oct 2015
    Posts
    1
    TLSA is one of those security additions that makes DirectAdmin even more awesome. Yes please!

  6. #6
    Join Date
    Sep 2015
    Location
    Arnhem, The Netherlands
    Posts
    206
    +1

    Really like to see this added to DA.

  7. #7
    Join Date
    May 2008
    Location
    The Netherlands
    Posts
    1,161
    +1 for me. The first competitors are already offering TLSA records in DNS management and we shouldn't fall behind.
    ~ Arieh

  8. #8
    Join Date
    May 2015
    Posts
    3
    Any updates from the Direct Admin developers on whether this feature request will be honored?

  9. #9
    Join Date
    May 2006
    Posts
    53
    Would like to hear any news about this also!

  10. #10
    Join Date
    Nov 2010
    Posts
    346
    Would be a good feature!

  11. #11
    Join Date
    Sep 2009
    Posts
    214
    Better security so one extra vote from me.

  12. #12
    Added to versions system, but no time estimate for it's completion:
    https://directadmin.com/features.php?id=1869

    John

  13. #13
    Join Date
    Mar 2017
    Posts
    5
    +1 fot TLSA/DANE.

    my vps/dns provider that had direct admin already supports it but cant set it up for directadmin

  14. #14
    Join Date
    Mar 2017
    Posts
    5

    Thumbs up

    +1 i dont see it added yet.

    My DNS provider it self does have it.

  15. #15
    Join Date
    Dec 2005
    Location
    The Netherlands
    Posts
    58
    +1 Would be great!

  16. #16
    Join Date
    Sep 2005
    Posts
    45
    +1

    Could it hook in with the Let's Encrypt script as well, so that when you get a new LE cert it updates the TLSA record?

  17. #17
    Join Date
    May 2008
    Posts
    487
    Now it is added in DA.

    Will 3 1 1 TLSA work with autorenewal of Lets Encrypt?
    Last edited by wattie; 06-10-2017 at 11:44 AM.

  18. #18
    Join Date
    Feb 2005
    Location
    The Netherlands
    Posts
    287
    Quote Originally Posted by wattie View Post
    Will 3 1 1 TLSA work with autorenewal of Lets Encrypt?
    From: https://www.directadmin.com/features.php?id=1869
    Code:
    ==========================
    TODO
    Link LetsEncrypt to automatically add the TLSA records.
    Looks like we have to have a bit more patience for that, it would be really really nice to have that automatically linked as well of course.

  19. #19
    Join Date
    Mar 2017
    Posts
    5

    Thumbs up Dane

    Would be great that lets encrypt would be automatically linked as well of course.

    and that there will be a good manual for it to set it up.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •