DNS CAA records...

Nolan Berry nolan.berry at RACKSPACE.COM
Wed Jan 18 00:12:32 UTC 2017

So a quick look into this I see one potential real world example:

google.com.        129    IN    A
google.com.        74411    IN    NS    ns4.google.com.
google.com.        74411    IN    NS    ns1.google.com.
google.com.        74411    IN    NS    ns2.google.com.
google.com.        74411    IN    NS    ns3.google.com.
google.com.        3054    IN    TXT    "v=spf1 include:_spf.google.com ~all"
google.com.        64    IN    AAAA    2607:f8b0:4000:802::200e
google.com.        54475    IN    TYPE257    \# 19 0005697373756573796D616E7465632E636F6D

In RFC 6844 section 7.1 it states

"IANA has assigned Resource Record Type 257 for the CAA Resource Record Type"

and I am seeing:

google.com.        54475    IN    TYPE257    \# 19 0005697373756573796D616E7465632E636F6D

Nolan Berry

Linux Systems Engineer

DNS Engineering

Rackspace Hosting

From: NANOG <nanog-bounces at nanog.org> on behalf of Eric Tykwinski <eric-list at truenet.com>
Sent: Tuesday, January 17, 2017 6:04:31 PM
To: nanog list
Subject: DNS CAA records...

So I’ve come across this on Qualys and just wondering if there’s any practical examples out there in the wild.
I know some BIND guys are on here, so I’m sure I’m missing something from the RFCs.
Just wanted to test this out on my play domains before putting it out in the wild...


Eric Tykwinski
TrueNet, Inc.
P: 610-429-8300

More information about the NANOG mailing list