search

nix-community / dns.nix

A Nix DSL for DNS zone files [maintainers=@raitobezarius @kirelagin @Tom-Hubrecht]
Mozilla Public License 2.0
128 stars 24 forks source link

caa: fix critical flag according to rfc8659 #32

Closed MarcelCoding closed 4 months ago

MarcelCoding commented 5 months ago

https://datatracker.ietf.org/doc/html/rfc8659#name-critical-flag

kirelagin commented 5 months ago

Could you please a comment explaining the logic of this? I believe, 4.1 is the relevant reference.

SuperSandro2000 commented 5 months ago

also see https://letsencrypt.org/docs/caa/#what-to-put-in-the-record

MarcelCoding commented 5 months ago

Have a look at the linked section: 4.5 "Critical Flag"

kirelagin commented 5 months ago

I’ve looked at the linked section: there is nothing there that explains the format of the flags field and nothing that says which bit or the one. Both of these are specified in 4.1.

MarcelCoding commented 5 months ago

Hi, I actually found that the section that you referenced explains this way better: (I've highlighted the corresponding parts.)

In the second screenshot I've made an example how the critical bit results in 128 in a bit representation.

PS: In the sections I've linked it is only mentioned in the example.

Screenshot_20240528-145951.png

Screenshot_20240528-150244.png

SuperSandro2000 commented 4 months ago

Can this PR be merged? Otherwise CAA records do not work as expected.

@Tom-Hubrecht