[Pdns-users] CAA Records

Curtis Maurand curtis at maurand.com
Sun Aug 13 17:40:53 UTC 2017

I have a ton of websites running letsencrypt.  That's great, I like it, 
but starting in April they started requiring CAA records.  A new record 
to be sure and, according to the docs, it is supported. There is nothing 
in the docs about how to construct the record.

I'm running PDNS 4.04 which I compiled from the sources on Ubuntu 16.04

I've tried adding the record directly into the database by sql. head for 
a caa checker and no dice.

I've added the record so far as:

deacon.xyonet.com       3600    IN      CAA     0 issue "letsencrypt.org"

I've entered in this generic way.  There is no documentation that says 
to format it any differently for pdns.

I had to change my primary DNS server late last night, should I just 
wait another day or two for this all to settle down?   I haven't 
reconciled the dnssec piece, yet.  Just trying to get website going 
after a not so very smooth migration that's just been trouble all the way.

The tools that I've found (nslookup, dig, etc) so far don't allow me to 
query  CAA records.  the pdns-util parser is telling me the record is 
OK, but at this point, since none of the online tools can look it up, 
I'm thinking their might be something that I'm doing wrong.

If anyone has any advice on how to proceed, that would be greatly 

All the online testers are coming up with nothing.  I've verified that 
the record exists in both databases (primary and slave).

thanks in advance,

Curtis Maurand
curtis at maurand.com <mailto:curtis at maurand.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.powerdns.com/pipermail/pdns-users/attachments/20170813/5958e29c/attachment.html>

More information about the Pdns-users mailing list