Ask HN: Can Cloudflare Improve Transparency on CAA Records with Universal SSL?

2 points | catatsuy | 1 year ago

I recently noticed that when I enable Universal SSL in Cloudflare, it automatically adds CAA records without notifying me. These records don’t appear in the DNS dashboard, so I wasn’t aware they existed.

I primarily use Let's Encrypt, and I set my own CAA records to ensure only Let's Encrypt can issue certificates for my domain. However, Cloudflare’s hidden CAA records mean that other Certificate Authorities (CAs) could also issue certificates, which isn’t what I intended. This situation has made it harder for me to fully manage my domain’s security settings.

I believe Cloudflare could improve this by either informing users about these CAA records or, ideally, displaying them in the dashboard. It would also help to include guidance, such as mentioning that disabling Universal SSL may be required if users wish to modify or remove these records.

Here are my main concerns:

- *Control*: Hidden CAA records make it challenging for users to fully manage their DNS settings.
- *Security*: With these hidden records, I’m not sure if any other settings are changed without my knowledge.
- *Transparency*: Greater transparency would help users understand and manage Cloudflare’s SSL settings better.

Has anyone else experienced this? I think a bit more openness from Cloudflare would be very helpful for users.
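The practical question behind this post is what the CAA records that are actually published authorise, as opposed to what the operator intended. The following is an added example, not code from the post or from Cloudflare: a small evaluator of the CAA rules from RFC 8659 (tree climbing to the nearest name with CAA records, `issue` versus `issuewild`, the empty issuer `";"`, and the critical flag), run over constructed zone data. The two zones, the CA domain `other-ca.example`, and the name `example.test` are invented for illustration; they are not Cloudflare's actual record set.

```python
import re
from dataclasses import dataclass

# Minimal CAA (RFC 8659) policy evaluator. It shows which CAs a published CAA set
# actually authorises for a name, which is what a hidden, provider-added record changes.


@dataclass(frozen=True)
class CAARecord:
    flags: int   # bit value 128 = "issuer critical"
    tag: str     # issue, issuewild, iodef, ...
    value: str


_CAA_RE = re.compile(r'^(\d+)\s+([A-Za-z0-9]+)\s+"([^"]*)"$')


def parse_caa(rdata: str) -> CAARecord:
    """Parse CAA presentation format, e.g. '0 issue "letsencrypt.org"'."""
    m = _CAA_RE.match(rdata.strip())
    if not m:
        raise ValueError(f"malformed CAA rdata: {rdata!r}")
    return CAARecord(int(m.group(1)), m.group(2).lower(), m.group(3).strip())


def relevant_caa_set(zone: dict, name: str) -> list:
    """Climb from `name` toward the root; the first name that has CAA records is the
    relevant set (RFC 8659). A leading wildcard label is dropped, so '*.example.test'
    starts the search at 'example.test' (the conventional CA behaviour)."""
    labels = name.rstrip(".").lower().split(".")
    if labels and labels[0] == "*":
        labels = labels[1:]
    for i in range(len(labels)):
        rrs = zone.get(".".join(labels[i:]))
        if rrs:
            return [parse_caa(r) for r in rrs]
    return []


def _issuer(value: str) -> str:
    """'letsencrypt.org; validationmethods=dns-01' -> 'letsencrypt.org'; ';' -> ''."""
    return value.split(";", 1)[0].strip().lower()


def authorized_issuers(zone: dict, name: str, wildcard: bool = False):
    """Return the set of CA domains allowed to issue for `name`, or None when the
    relevant set places no restriction (no issue/issuewild property present)."""
    rrset = relevant_caa_set(zone, name)
    known = {"issue", "issuewild", "iodef"}
    if any(r.flags & 128 and r.tag not in known for r in rrset):
        return set()            # unknown critical property: a CA must refuse to issue
    tag = "issuewild" if wildcard else "issue"
    props = [r for r in rrset if r.tag == tag]
    if wildcard and not props:
        props = [r for r in rrset if r.tag == "issue"]   # no issuewild: issue applies
    if not props:
        return None             # nothing restricts issuance (e.g. only iodef present)
    return {_issuer(r.value) for r in props} - {""}    # empty issuer ';' authorises nobody


def may_issue(zone: dict, name: str, ca_domain: str, wildcard: bool = False) -> bool:
    allowed = authorized_issuers(zone, name, wildcard)
    return True if allowed is None else ca_domain.lower() in allowed


def unexpected_issuers(zone: dict, name: str, intended) -> set:
    """CAs that the published records authorise but the operator did not intend."""
    allowed = authorized_issuers(zone, name)
    if allowed is None:
        return {"<any CA>"}
    return allowed - {i.lower() for i in intended}


# Constructed sample data (not real Cloudflare records): the operator published only
# the Let's Encrypt record; the provider-managed zone later also carries the others.
OPERATOR_ZONE = {"example.test": ['0 issue "letsencrypt.org"']}
MERGED_ZONE = {
    "example.test": [
        '0 issue "letsencrypt.org"',
        '0 issue "other-ca.example; validationmethods=dns-01"',
        '0 issuewild "letsencrypt.org"',
        '0 iodef "mailto:security@example.test"',
    ],
    "nocert.example.test": ['0 issue ";"'],   # subdomain that forbids all issuance
}

if __name__ == "__main__":
    for label, zone in (("operator", OPERATOR_ZONE), ("merged", MERGED_ZONE)):
        print(label, "www.example.test ->", sorted(authorized_issuers(zone, "www.example.test")))
    print("unexpected:", unexpected_issuers(MERGED_ZONE, "www.example.test", {"letsencrypt.org"}))
```

Because a dashboard may not show every record that is served, the input to `unexpected_issuers` should come from the authoritative servers themselves (for instance the output of `dig +short CAA example.com`), compared against the list of CAs the operator intends to allow; a non-empty result is the condition the post describes.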
