TLSA / DANE support in DNS Management

[Arjandj]

Dear sir/madame,
I would welcome support for TLSA / DANE in the DNS Management of Direct Admin. It makes it possible to add a signature of the website's public key in a TLSA DNS record and when used in combination with DNSSEC prevents man-in-the-middle-attacks with rogue certificates.

Adding basic TLSA support is as easy as adding the possibility to add a TLSA type record. It would be great if this functionality could be added within a short time period. Users then still need to use a TSLA record generator like https://www.huque.com/bin/gen_tlsa or https://ssl-tools.net/tlsa-generator to generate the records. Maybe in a later stage, the creation of the record could be automated, based on the installed SSL certificate of the website.

Please see the following websites for further details about TSLA / DANE:
http://en.wikipedia.org/wiki/DNS-based_Authentication_of_Named_Entities
http://tools.ietf.org/html/rfc6394
http://tools.ietf.org/html/rfc6698
http://tools.ietf.org/html/rfc7218

Best regards,
Arjan

 

[Arjandj]

Anyone else who would like this functionality?

 

[Marwen]

Will be great to get this. Many german Providers will use DANE in the future.

 

[johannes]

DANE is now IETF standard, RFC7672

https://tools.ietf.org/html/rfc7672
http://www.spinics.net/lists/ietf-ann/msg97737.html
https://www.rfc-editor.org/rfc/rfc7672.txt

 

[tomsullivan5GT]

TLSA is one of those security additions that makes DirectAdmin even more awesome. Yes please!

 

[Erulezz]

+1

Really like to see this added to DA.

 

[Arieh]

+1 for me. The first competitors are already offering TLSA records in DNS management and we shouldn't fall behind.

 

[Arjandj]

Any updates from the Direct Admin developers on whether this feature request will be honored?

 

[Mr. Jinx]

Would like to hear any news about this also!

 

[Petertjuh360]

Would be a good feature!

 

[Fred.]

Better security so one extra vote from me.

 

[DirectAdmin Support]

Added to versions system, but no time estimate for it's completion:
https://directadmin.com/features.php?id=1869

John

 

[Musicfreak]

+1 fot TLSA/DANE.

my vps/dns provider that had direct admin already supports it but cant set it up for directadmin

 

[Musicfreak]

+1 i dont see it added yet.

My DNS provider it self does have it.

 

[Imtek]

+1 Would be great!

 

[dwilko]

+1

Could it hook in with the Let's Encrypt script as well, so that when you get a new LE cert it updates the TLSA record?

 

[wattie]

Now it is added in DA.

Will 3 1 1 TLSA work with autorenewal of Lets Encrypt?

 

[Tristan]

Will 3 1 1 TLSA work with autorenewal of Lets Encrypt?

From: https://www.directadmin.com/features.php?id=1869

==========================
TODO
Link LetsEncrypt to automatically add the TLSA records.

Looks like we have to have a bit more patience for that, it would be really really nice to have that automatically linked as well of course.

 

[Musicfreak]

Dane

Would be great that lets encrypt would be automatically linked as well of course.

and that there will be a good manual for it to set it up.

 

[ziwayujuco]

@DirectAdmin Support please add TLSA / DANE support to Exim.
Exim 4.89 does support it, and it is needed.

TLSA / DANE to the website only is not secure enough.