Open nils-wisiol opened 5 years ago
Introduce a client that is able to a automatically update TLSA records on certificate renewal.
I suggest to use CNAMEs pointig to a TLSA-RRs for wildcard-domains and multiple protocols/ports to reduce the size of zones, e.g.
*._tcp 3600 IN TLSA 1 1 1 (...) *._udp 3600 IN CNAME *._tcp
Introduce a client that is able to a automatically update TLSA records on certificate renewal.