Closed mnalis closed 7 years ago
I second this request! There's a script at https://github.com/Weebly/tinydns-filter that shows how to verify and build CAA records for tinydns.
If you could provide an example of what the following record should look like, it would help me add support for tinydns:
example.com. IN CAA 0 issue "comodoca.com"
In RFC3597 syntax:
example.com. IN TYPE257 \# 19 00056973737565636F6D6F646F63612E636F6D
Sure, no problem. In DJB's tinydns it would be this generic record:
:example.com:257:\000\005issuecomodoca.com
Or, if you wanted to specify record TTL of one hour:
:example.com:257:\000\005issuecomodoca.com:3600
Note that if the "body" of the record contains :
(or any non-printable-ASCII), you need to encode them in octal with \xxx
, like this (\072
is :
in example below):
:example.com:257:\000\005iodefmailto\072noc@example.com:86400
for
example.com. 86400 IN CAA 0 iodef "mailto:noc@example.com"
Thank you @mnalis, that was very helpful! tinydns is now supported
tinydns authoritative name server (from djbdns suite) supports so-called "Generic record" (":", which is somewhat similar to RFC 3597 Syntax). Could you implement it on the https://sslmate.com/labs/caa/ webpage too?
Docs are at: http://cr.yp.to/djbdns/tinydns-data.html