Use CNAME for TLSA
It would be useful to be able to use a CNAME record to set TLSA. Currently, you cant set le-ca-x3 3600 IN TLSA 2 0 1 25847d668eb4f04fdd40b12b6b0740c567da7d024308eb6c2c96fe41d9de218d
, because it's not recognized as valid hostname. I think it should be possible to add this, and then add _25._tcp.mx1 3600 IN CNAME le-ca-x3
. This is possible with a DNS provider with one of my clients and is very handy if you have to change the public key for a bunch of services.