| ▲ | JackSlateur 3 days ago |
| You have people paid to create DNS records ? Haha |
|
| ▲ | dijit 3 days ago | parent | next [-] |
| its’ not practical to give everyone write access to the google.com root zone. Someone will fuck up accidentally, so production zones are usually gated somehow, sometimes with humans instead of pure automata. |
| |
| ▲ | JackSlateur 3 days ago | parent [-] | | Why not ? Giving write access does not mean giving unrestricted write access Also, another way (which I built in a previous compagny) is to create a simple certificate provider (API or whatever), integrated with whatever internal authentication scheme you are using, and are able to sign csr for you. A LE proxy, as you might call it |
|
|
| ▲ | SoftTalker 3 days ago | parent | prev [-] |
| Yes we do. That’s not the only thing they do of course. |
| |
| ▲ | xorcist 2 days ago | parent [-] | | It also sounds like the right people to handle certificate issuance? If you are not in a good position in the internal organization to control DNS, you probably shouldn't handle certificate issuance either. It makes sense to have a specific part of the organization responsible. |
|
