DNS certification authority authorization (CAA) resource records (rfc6844) allow us to declare which certificate authorities are allowed to issue a certificate for a domain.SSL Labs is already checking for CAA records.
Please add this to the Web Hosting Control Panel. I've already had this come up from a security audit.
Did you contact Dreamhost support? They might be able to add for you. The more requests they get for something like that the faster you will see customer level support via the panel.
+1. See https://blog.qualys.com/ssllabs/2017/03/13/caa-mandated-by-cabrowser-forum
And yes, I just submitted my support request for it too.
I, too, would like this capability.
And as a follow-up, support says CAA DNS records are not currently supported, so asking them for it just underscores the need for this suggestion at this point.
Hello folks, thanks for chiming in on this one. The issue is on DreamHost developer's radar. I don' t have an ETA yet but I'll be reporting here any progress I will see on the internal issue.
It is October now, and the initial request was made back in April. The DNS resource type 'CAA' is an RFC spec that has been included in BIND since 2016. It is supported by most all other registrars. See: https://sslmate.com/caa/support
This needs to be a priority. Do I really need to change registrars to enable CAA security? Please fix this Dreamhost.