spamhaus / rbldnsd

A small and fast DNS daemon especially made to serve DNSBL zones.
https://rbldnsd.io/
GNU General Public License v2.0
58 stars 12 forks source link

return NOERROR on CAA records #24

Open xfnw opened 3 years ago

xfnw commented 3 years ago

from https://letsencrypt.org/docs/caa/#servfail

If you don’t have DNSSEC enabled and get a SERVFAIL, the second most likely reason is that your authoritative nameserver returned NOTIMP, which as described above is an RFC 1035 violation; it should instead return NOERROR with an empty response. If this is the case, file a bug or a support ticket with your DNS provider.