<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
Hello,<br>
I have a ton of websites running letsencrypt. That's great, I like
it, but starting in April they started requiring CAA records. A new
record to be sure and, according to the docs, it is supported.
There is nothing in the docs about how to construct the record. <br>
<br>
I'm running PDNS 4.04 which I compiled from the sources on Ubuntu
16.04 <br>
<br>
I've tried adding the record directly into the database by sql. head
for a caa checker and no dice.<br>
<br>
I've added the record so far as: <br>
<br>
<tt>deacon.xyonet.com 3600 IN CAA 0 issue
"letsencrypt.org"</tt><br>
<br>
I've entered in this generic way. There is no documentation that
says to format it any differently for pdns.<br>
<br>
I had to change my primary DNS server late last night, should I just
wait another day or two for this all to settle down? I haven't
reconciled the dnssec piece, yet. Just trying to get website going
after a not so very smooth migration that's just been trouble all
the way.<br>
<br>
The tools that I've found (nslookup, dig, etc) so far don't allow me
to query CAA records. the pdns-util parser is telling me the
record is OK, but at this point, since none of the online tools can
look it up, I'm thinking their might be something that I'm doing
wrong.<br>
<br>
If anyone has any advice on how to proceed, that would be greatly
appreciated.<br>
<br>
All the online testers are coming up with nothing. I've verified
that the record exists in both databases (primary and slave).<br>
<br>
<br>
thanks in advance,<br>
Curtis<br>
<br>
<div class="moz-signature">-- <br>
Curtis Maurand<br>
<a href="mailto:curtis@maurand.com">curtis@maurand.com</a><br>
207-252-7748</div>
</body>
</html>