Earlier this year the CA/Browser Forum voted to make Certificate Authority Authorization (CAA) mandatory for all Certificate Authorities. What this means that domains will need to assert via DNS records (the CAA DNS RRType) which CA’s are permitted to issue certificates for your domains. Think of it as “sort of like SPF, but for SSL/TLS certs”.
CAA records are now enabled in the ZoneEdit control panel. (If you don’t see the Advanced DNS Records, make sure they are enabled in your user preferences.) Continue reading