Just be careful: if you host your DNS at Cloudflare (maybe others?), they will rewrite your CAA record[0] if you use TLS with them. This is in the name of convenience, but it was surprising when I first learned of it.
[0]: https://developers.cloudflare.com/ssl/edge-certificates/caa-...
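
One way to notice this kind of rewrite is to compare the CAA record set a zone actually serves with the set its owner intended. The following is an added example, not part of the original comment and not Cloudflare's code; the CA names, the sample records and the helper names are constructed for illustration, and fetching the live RDATA is left out so that it runs offline.

```python
# Added example: CAA drift check. All CA names and records are constructed.

def parse_caa_rdata(rdata: bytes):
    """Decode one CAA RDATA blob (RFC 8659): flags, tag length, tag, value."""
    if len(rdata) < 2:
        raise ValueError("CAA RDATA too short")
    flags, tag_len = rdata[0], rdata[1]
    if tag_len == 0 or len(rdata) < 2 + tag_len:
        raise ValueError("bad CAA tag length")
    tag = rdata[2:2 + tag_len].decode("ascii").lower()  # tags match case-insensitively
    value = rdata[2 + tag_len:].decode("ascii")
    return flags, tag, value

def issuer_domain(value: str) -> str:
    """Issuer domain of an issue/issuewild value, parameters after ';' dropped."""
    return value.split(";", 1)[0].strip().lower()

def caa_drift(published, intended):
    """Per tag, list issuers that are published but not intended, and vice versa."""
    seen = {"issue": set(), "issuewild": set()}
    for rdata in published:
        _flags, tag, value = parse_caa_rdata(rdata)
        domain = issuer_domain(value) if tag in seen else ""
        if domain:  # an empty issuer (";") authorizes no CA, so it adds nothing
            seen[tag].add(domain)
    report = {}
    for tag, found in seen.items():
        want = {d.lower() for d in intended.get(tag, ())}
        report[tag] = {"unexpected": sorted(found - want),
                       "missing": sorted(want - found)}
    return report

def make_rdata(flags: int, tag: str, value: str) -> bytes:
    """Build RDATA for the constructed sample below."""
    return bytes([flags, len(tag)]) + tag.encode("ascii") + value.encode("ascii")

# Constructed sample: the owner meant to allow only ca-a.example.
INTENDED = {"issue": ["ca-a.example"], "issuewild": []}
PUBLISHED = [
    make_rdata(0, "issue", "ca-a.example"),
    make_rdata(0, "issue", "ca-b.example; account=12345"),  # constructed parameter
    make_rdata(0, "issuewild", "ca-c.example"),
    make_rdata(0, "issuewild", ";"),
]

if __name__ == "__main__":
    for tag, diff in caa_drift(PUBLISHED, INTENDED).items():
        print(tag, diff)
```
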
Cloudflare is basically MITMAAS for the US Gov. If you are worried about state actor wiretapping, you should avoid them altogether.