CAA DNS Records Provide Additional Domain Protection

In 2013, the CA/Browser Forum passed a ballot stating its intent to allow the holder of a DNS domain name (e.g., joeblow.com) to specify one or more Certification Authorities (CAs) that are authorized to issue certificates for that domain. No other CAs would be authorized to issue certificates for the domain.

This is accomplished by the domain holder adding a “CAA” record to their DNS for their domain. This helps mitigate the problem that the public CA trust system is only as strong as its weakest CA.

Organized in 2005, the CA/Browser Forum is a voluntary group of certification authorities (CAs), vendors of Internet browser software, and suppliers of other applications that use X.509 v.3 digital certificates for SSL/TLS and code signing.

View the full ballot.

On August 21st, 2017, Amazon Web Services (AWS) announced that their DNS service “Route 53” now supports CAA records.

#aws, #ca, #caa, #certificate, #dns, #domain

Flushing Google Chrome DNS

Google’s Chrome browser keeps its own DNS cache for whatever reason. Clearing your local OS DNS cache alone isn’t enough to get Chrome to resolve a new IP.

Rarely do I ever run into this issue on my Windows 7/8/10 machines but for Mac users it’s a more common issue.

But here’s what I found worked for a sticky DNS issue I just ran into on Windows 10:

  1. Clear OS DNS cache using “ipconfig /flushdns” in the command prompt.
  2. Go to “chrome://net-internals/#dns” in Google Chrome.
  3. Click the “Clear Host Cache” button on the page that is now displayed.
  4. Clear OS DNS cache using “ipconfig /flushdns” in the command prompt.

Chrome’s DNS cache screen

#cache, #chrome, #dns, #google