Comment by chrismorgan
2 days ago
> The dns-01 challenge type will not be available because the DNS is not involved in validating IP addresses. Additionally, there is no mechanism to check CAA records for IP addresses.
Is in-addr.arpa. not usable for these purposes? Given how you can do PTR records to map IP address to domain name, I had just assumed it would be at least theoretically usable for more, even if few or no hosts exposed it so at present.
That just proves you have a way to manipulate DNS.
Doesn’t prove you own the thing the IP routes to.
I mean that applies to DNS authentication for non-IP certificates, too