Closed nagavijayan-nagarathinam closed 3 years ago
Could you please post the results of a dig for the same query?
On 7 Oct 2020, at 14:48, Nagavijayan notifications@github.com wrote:
When i try to resolve CAA using DNSruby, i used to get CNAME answer.
pfa
https://user-images.githubusercontent.com/53569528/95339553-ccacdd00-08d1-11eb-97c6-9253d1ad3ff3.png — You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub https://github.com/alexdalitz/dnsruby/issues/167, or unsubscribe https://github.com/notifications/unsubscribe-auth/AB2WFWX6W3UZDYWYHMSFFJTSJRWTFANCNFSM4SHNRQCQ.
So I think you’re getting the same answer from dig as from dnsruby, right?
I think the idea of CAA validation is that it follows the CNAMEs until it finds a CAA record. However, dig and dnsruby are simply returning the results of the original query, which I believe is the correct behaviour - they do not do CAA validation.
On 7 Oct 2020, at 15:03, Nagavijayan notifications@github.com wrote:
https://user-images.githubusercontent.com/53569528/95341464-ec450500-08d3-11eb-9820-752048b689e2.png — You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/alexdalitz/dnsruby/issues/167#issuecomment-704958215, or unsubscribe https://github.com/notifications/unsubscribe-auth/AB2WFWSXOVTY7HPT2AFL7MTSJRYLXANCNFSM4SHNRQCQ.
When i try to resolve CAA using DNSruby, i used to get CNAME answer.
pfa