Yes, I am talking about DNS TLSA RR for HTTPS as per my previous post over here
You are right at the moment browsers do not check it, but there is a add-on “DNSSEC/TLSA Validator” for (Firefox not currently working on v 57+, Internet Explorer (IE), Mozilla Firefox (MF) , Google Chrome/Chromium (GC), Opera (OP), Apple Safari (AS) are supported.) that will check both the DNSSEC and TLSA records of the domain you viewing in your web browser.
So when I run System → Status Checks I am notified with the message:
“This domain’s DNSSEC DS record is not set. The DS record is optional. The DS record activates DNSSEC. To set a DS record, you must follow the instructions provided by your domain name registrar”.
I know this is optional, but if you have an option to set DNSSEC for all the domain names and added to MIAB, would it make sense since the DNS TLSA RR for HTTPS is here to implement it in MIAB as well as on optional extra?
Would it need a loot of work to implement the DNS TLSA RR for HTTPS in System → Status Checks page?
Or would it be possible to make it available in Custom DNS section as a “TLSA” Type along the A, AAAA, CAA, CNAME, TXT, MX, SRV, SSHFT and NS for those who would like to set it up?
If it is not feasible, can someone at lease help me to implement in my set-up correctly for the HTTPS please?