AGWA
commented
6 years ago @davkastheranger could you clarify? Do you mean they added CAA records for your zones without you asking them to? If so, what did the CAA records contain?
Closed davkastheranger closed 6 years ago
AGWA
commented
6 years ago @davkastheranger could you clarify? Do you mean they added CAA records for your zones without you asking them to? If so, what did the CAA records contain?
davkastheranger
commented
6 years ago Yes, they issued the records without notification or consent. They created a CAA record for my wildcard cert (issuewild) for globalsign and alphassl (alphassl resell globalsign certs).
I ended up adding another CAA record with an iodef tag for notifications.
waded
commented
6 years ago Used GoDaddy's DNS management screens to manually add CAA for a domain the other day, and verified the configuration w/ SSL Labs' SSL Test. The screens are still as shown above.
AGWA
commented
6 years ago @waded cool, thanks for chiming in! I just added GoDaddy to https://sslmate.com/caa/support
Did you see any automatically-added CAA records like @davkastheranger reported?
waded
commented
6 years ago @AGWA I didn't. I was in the process of moving this domain back to GoDaddy's DNS; they didn't add any CAA records for me as I did that. I don't have other domains w/ GoDaddy's DNS to check.
AGWA
commented
6 years ago @waded Thanks.
I think it's pretty unlikely that GoDaddy is adding automatic CAA records, especially for a competitor, so I'm going to close this ticket.
https://www.godaddy.com/help/using-caa-records-with-your-ssl-certificate-27227 It doesn't explicitly say it does in this, but They automatically created issuewild CAA records for my DNS Zones.