Custom SSL Certificates support for setting up DANE

[Mar0xy]

DANE is a ssl protocol which Handshake(Yes, the handshake domains you can buy on porkbun, namecheap and etc) and other blockchain related TLDs use for https support.

Currently if you setup an blockchain domain it will point and work but the switchboard will never detect it due to obvious dns resolving reasons and will constantly force https even if no certificate is present otherwise it works fine.

The automatic redirect to https also breaks dns resolvers which let people view handshake or ens domains without changing their DNS settings like https://hns.to as something like http://marie.decipheress.hns.to redirects to https://marie.decipheress (which works with https://hdns.io setup but obviously SSL being invalid due to no DANE support)

Here is an example video of how people could setup DANE certificates for those type of domains https://www.youtube.com/watch?v=BH6bRIE5qOI

If you also want to automate this system I would recommend trying to add support for multiple dns resolvers when checking for records.

[newbold]

Nearly forgot to comment here after our extensive discussion on IRC! Just confirming that we’re unable to support DANE because of the underlying DNSSEC requirement, which is kind of a deal-breaker across a shared eTLD with a potentially infinite number of zones and no reliable way of managing the required DS records. If DNSimple ever supports automated DS record management then I’ll look into it, but as of today it doesn’t appear that there would be any sane way of managing DANE support.

[Mar0xy]

Sadly I don't think it will ever be automated on DNSimple and will only ever be able to be done via the UI as listed in their help page or API(https://developer.dnsimple.com/v2/domains/dnssec/#createDomainDelegationSignerRecord) also another fun fact this page exists https://support.dnsimple.com/articles/dnsimple-and-handshake/