We are pleased to announce a couple of updates to Azure DNS that have been long awaited by our customers:
- Support for Certificate Authority Authorization (CAA) Records
- IPv6 Nameservers
Support for CAA Records
The Certification Authority Authorization (CAA) resource record allows domain owners to specify one or more Certification Authorities (CAs) that are authorized to issue certificates for their domains. Checking for CAA records as part of the certificate issuance process is now mandatory for CAs. This defense-in-depth security feature allows CAs to reduce risk of unintended certificate mis-issue.
The CAA record type supports three properties:
- Flags: An unsigned integer between 0 – 255, used to represent the critical flag that has a specific meaning per the RFC
- Tag: An ASCII string which could be one of the following:
- Issue: allows domain owners to specify CAs that are permitted to issue certificates (all types)
- Issuewild: allows domain owners to specify CAs that are permitted to issue certificates (wildcard certs only)
- Iodef: allows domain owners to specify an email address or hostname to which CAs can notify for certificate issuance requests for domain otherwise not authorized via CAA records
- Value: the value associated with the specific tag used
You can create and manage CAA records via the Azure REST API, PowerShell and CLI.
Over the past few years there has been significant growth not only in DNS clients supporting IPv6, but also with recursive resolvers supporting domain name querying over IPv6. We are pleased to announce that Azure DNS nameservers now support queries over IPv6, in addition to IPv4 as before.
As an example, the below Portal screen capture illustrates how you can find the Azure DNS name servers for your DNS zone hosted in Azure DNS.
You can find the IPv6 address for each of those name servers using a command such as nslookup.
As always, we love getting our customers’ feedback. We have a Azure Feedback channel to receive suggestions for features and future supported scenarios. We encourage you to browse what others are suggesting, vote for your favorites, and enter suggestions of your own.
Please review our public FAQ for answers to the most frequent questions.