In the past, HTTPS secured domains have been compromised due to certification misuse. CAA records have the ability to prevent this at the time of certification issuance.
Reston, VA (PRWEB) March 07, 2017
Tiggee subsidiary, DNS Made Easy, announces support for CAA (Certificate Authority Authorization) records, which can improve the security of domains during the certification process. This record type allows the domain name holder to specify one of or more CAs (Certificate Authorities) to issue certificates for that domain, according to RFC 6844.
“Any client using SSL certificates to secure their domain is advised to configure CAA records to safeguard their security,” says President of DNS Made Easy Steven Job. “In the past, HTTPS secured domains have been compromised due to certification misuse. CAA records have the ability to prevent this at the time of certification issuance.”
CAA records seek to solve this issue by declaring the domain owner’s preferred CA, eliminating the risk of false CAs from issuing fake certificates. CAA records must be created before application for certificates are made. CAA records can be customized to specify wild card domains and receive emails when CAs find certificate policy violations.
Websites that are looking to use HTTPS, but have not configured CAA records are putting themselves and their clients at risk. In the past, malicious parties were able to distribute malware, intercept secure traffic, and sell illegitimate certificates because websites weren’t able to declare their preferred CA. CAA records prevent this from happening, because domain administrators can specify the exact CA that is authoritative for issuing their domain’s certificates.
Domain security has growing implications according to news from Google that is now considering HTTPS is a ranking signal. Domain administrators need to switch to HTTPS, because in the near future Google will consider HTTP domains as insecure and penalize them in search results. Domain owners that make the switch to HTTPS should also add the appropriate CAA record(s) to ensure security.
Full documentation for DNS Made Easy configuration of CAA records can be found on their help site.
About DNS Made Easy
DNS Made Easy is a subsidiary of Tiggee, and is a world leader in providing global IP Anycast enterprise DNS services. DNS Made Easy implemented the industry’s first triple independent Anycast cloud architecture for maximum DNS speed and DNS redundancy. Originally launched in 2002, DNS Made Easy’s services have grown to manage hundreds of thousands of customer domains receiving more than 30 billion queries per day. Today, DNS Made Easy builds on a proud history of uptime and is the preferred DNS hosting choice for most major brands, especially companies that compare price and performance of enterprise IP Anycast alternatives.