Comment by chrismorgan

Comment by chrismorgan 2 days ago

2 replies

View on Hacker News

> The dns-01 challenge type will not be available because the DNS is not involved in validating IP addresses. Additionally, there is no mechanism to check CAA records for IP addresses.

Is in-addr.arpa. not usable for these purposes? Given how you can do PTR records to map IP address to domain name, I had just assumed it would be at least theoretically usable for more, even if few or no hosts exposed it so at present.

baby_souffle 2 days ago

That just proves you have a way to manipulate DNS.

Doesn’t prove you own the thing the IP routes to.

Reply View 1 reply
  • mixdup 2 days ago

    I mean that applies to DNS authentication for non-IP certificates, too

    Reply View 0 replies