For When You Can't Have The Real Thing
[ start | index | login ]
start > dns > CAA

CAA

Created by dave. Last edited by dave, 4 years and 344 days ago. Viewed 1,162 times. #1
[edit] [rdf]
labels
attachments
(2018-10-16)

Problem

What is CAA record

Solution

CAA record is a DNS record that indicates who is permitted to issue SSL certs for a domain.

>>Information.

bind entry:

xdroop.com.  IN CAA 128 issue "letsencrypt.org"

In action:

# dig @n1 caa xdroop.com

; <<>> DiG 9.9.4-RedHat-9.9.4-61.el7_5.1 <<>> @n1 caa xdroop.com ; (1 server found) ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49189 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 4

;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;xdroop.com. IN CAA

;; ANSWER SECTION: xdroop.com. 900 IN CAA 128 issue "letsencrypt.org"

;; AUTHORITY SECTION: xdroop.com. 900 IN NS n2.gridway.net. xdroop.com. 900 IN NS n3.gridway.net. xdroop.com. 900 IN NS n1.gridway.net.

;; ADDITIONAL SECTION: n1.gridway.net. 300 IN A 139.60.168.90 n2.gridway.net. 300 IN A 72.142.112.27 n3.gridway.net. 300 IN A 207.236.146.3

;; Query time: 0 msec ;; SERVER: 139.60.168.90#53(139.60.168.90) ;; WHEN: Tue Oct 16 12:24:25 EDT 2018 ;; MSG SIZE rcvd: 183

no comments | post comment
This is a collection of techical information, much of it learned the hard way. Consider it a lab book or a /info directory. I doubt much of it will be of use to anyone else.

Useful:


snipsnap.org | Copyright 2000-2002 Matthias L. Jugel and Stephan J. Schmidt