「DNS CAA」修訂間的差異
跳至導覽
跳至搜尋
| 行 31: | 行 31: | ||
* 禁用憑證 - Wildcard |
* 禁用憑證 - Wildcard |
||
@ TYPE257 \# 12 0009697373756577696C643B |
@ TYPE257 \# 12 0009697373756577696C643B |
||
| − | * Let's Encrypt 免費憑證 |
+ | * Let's Encrypt 免費憑證 - 單一位址 |
@ TYPE257 \# 22 000569737375656C657473656E63727970742E6F7267 |
@ TYPE257 \# 22 000569737375656C657473656E63727970742E6F7267 |
||
| + | * Let's Encrypt 免費憑證 - Wildcard |
||
| + | @ TYPE257 \# 26 0009697373756577696c646c657473656e63727970742e6f7267 |
||
* Gandi SSL 憑證 - 單一位址 |
* Gandi SSL 憑證 - 單一位址 |
||
@ TYPE257 \# 18 000569737375657365637469676F2E636F6D |
@ TYPE257 \# 18 000569737375657365637469676F2E636F6D |
||
於 2021年1月14日 (四) 03:24 的修訂
DNS Certification Authority Authorization
DNS 憑證頒發機構授權,簡稱:CAA
一種網際網路安全政策機制,允許域名持有人指定可以為其域簽發憑證的憑證頒發機構。
該政策憑藉一個新的域名系統資源記錄「CAA」來實現。
DNS 設定
- 禁用憑證 - 單一位址
@ IN CAA 0 issue ";"
- 禁用憑證 - Wildcard
@ IN CAA 0 issuewild ";"
- Let's Encrypt 免費憑證 - 單一位址
@ IN CAA 0 issue "letsencrypt.org"
- Let's Encrypt 免費憑證 - Wildcard
@ IN CAA 0 issuewild "letsencrypt.org"
- Gandi SSL 憑證 - 單一位址
@ IN CAA 0 issue "sectigo.com"
- Gandi SSL 憑證 - Wildcard
@ IN CAA 0 issuewild "sectigo.com"
- IODEF - E-Mail
@ IN CAA 0 iodef "mailto:iodef@donnet.email"
- IODEF - API
@ IN CAA 0 iodef "http://api.opensoft.cc/iodef/report.aspx"
Windows DNS 設定
Windows DNS 沒有支援 CAA
- 禁用憑證 - 單一位址
@ TYPE257 \# 8 000569737375653B
- 禁用憑證 - Wildcard
@ TYPE257 \# 12 0009697373756577696C643B
- Let's Encrypt 免費憑證 - 單一位址
@ TYPE257 \# 22 000569737375656C657473656E63727970742E6F7267
- Let's Encrypt 免費憑證 - Wildcard
@ TYPE257 \# 26 0009697373756577696c646c657473656e63727970742e6f7267
- Gandi SSL 憑證 - 單一位址
@ TYPE257 \# 18 000569737375657365637469676F2E636F6D
- Gandi SSL 憑證 - Wildcard
@ TYPE257 \# 22 0009697373756577696C647365637469676F2E636F6D
- IODEF - E-Mail
@ TYPE257 \# 32 0005696F6465666D61696C746F3A696F64656640646F6E6E65742E656D61696C
- IODEF - API
@ TYPE257 \# 47 0005696F646566687474703A2F2F6170692E6F70656E736F66742E63632F696F6465662F7265706F72742E61737078