We also need more support from DNS servers.

For my domains, I host everything on the « Cloud », and register my domain 
names on Gandi, who is also my DNS service, with a nice web UI.
I wanted to add a CAA record for testing, but Gandi doesn’t support that. 
Amazon Route 53 doesn’t either. I looked for some documentation about 
Cloudflare DNS, dyn.com Managed DNS, GoDaddy, Microsoft Azure, EasyDNS, none of 
them seem to support CAA.
The only positive finding is that Google Cloud DNS supports CAA records with an 
easy-to-use UI.

I don’t want to have several dedicated machines with up-to-date 
Bind/NSD/whatever and a complicated config, just to be protected from erroneous 
DV certificates automatically delivered.

The fact that we still have to use « -t TYPE257 » with the dig or host commands, or the 
equivalent « set type=TYPE257 » in nslookup, to manually perform this query is 
not encouraging.

Regards,
Erwann Abalea

> On 22 Sept. 2016, at 17:40, Gervase Markham <g...@mozilla.org> wrote:
> 
> On 22/09/16 16:03, J.C. Jones wrote:
>> Pretty sure I got this from you at some point. :)
>> 
>> dig +short -t TYPE257 "$@" | perl -nE '@x = split(); say map(chr, map { hex } ($x[2] =~ m/../g ))'
> 
> Thanks everyone! And in return, here's an improved version which can
> deal with longer entries, like Comodo's:
> 
> dig +short -t TYPE257 "$@" | perl -nE '@x = split(); splice(@x, 0, 2); say map(chr, map { hex } (join("", @x) =~ m/../g ))'
> 
> It seems depressingly few domains deploy CAA, having checked a selection
> of famous ones. Perhaps we need more publicity for it.
> 
> Gerv
> _______________________________________________
> Public mailing list
> Public@cabforum.org
> https://cabforum.org/mailman/listinfo/public
> 
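
Added example, not part of the original thread or any poster's code: the Perl one-liners quoted above turn every byte of the TYPE257 answer into a character, including the leading flags and tag-length bytes, whereas this Python decoder splits the RFC 3597 generic form into the flags, tag and value fields of RFC 6844 and rejects malformed answers. The function names, the script file name and the sample line are constructed for illustration.

```python
import sys

# Constructed sample of `dig +short -t TYPE257 <domain>` output, not a real answer.
SAMPLE = r"\# 21 0005697373756563612E 6578616D706C652E6E6574"

ISSUER_CRITICAL = 0x80  # bit 0 (most significant) of the flags byte, RFC 6844


def parse_generic_caa(line):
    """Decode one '\\# <length> <hex> [<hex> ...]' line into (flags, tag, value)."""
    fields = line.split()
    if len(fields) < 3 or fields[0] != "\\#":
        raise ValueError("not RFC 3597 generic RDATA: %r" % line)
    rdata = bytes.fromhex("".join(fields[2:]))  # dig may split the hex into groups
    if len(rdata) != int(fields[1]):
        raise ValueError("declared length %s, got %d bytes" % (fields[1], len(rdata)))
    if len(rdata) < 2:
        raise ValueError("RDATA too short for flags and tag length")
    flags, tag_len = rdata[0], rdata[1]
    if tag_len == 0 or 2 + tag_len > len(rdata):
        raise ValueError("tag length %d does not fit RDATA" % tag_len)
    tag = rdata[2:2 + tag_len].decode("ascii")
    value = rdata[2 + tag_len:].decode("ascii", errors="replace")
    return flags, tag, value


def to_presentation(line):
    """Render the record as '<flags> <tag> "<value>"', the CAA presentation form."""
    flags, tag, value = parse_generic_caa(line)
    return '%d %s "%s"' % (flags, tag, value)


def is_critical(line):
    """True when the issuer-critical flag is set on the record."""
    return bool(parse_generic_caa(line)[0] & ISSUER_CRITICAL)


if __name__ == "__main__":
    # Usage (hypothetical file name):
    #   dig +short -t TYPE257 example.com | python3 caa_decode.py
    # Falls back to the constructed sample when nothing is piped in.
    lines = [SAMPLE] if sys.stdin.isatty() else [l for l in sys.stdin if l.strip()]
    for l in lines:
        print(to_presentation(l))
```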
