DNS CAA records...

Royce Williams royce at techsolvency.com
Sat Jan 21 17:37:46 UTC 2017


On Tue, Jan 17, 2017 at 4:54 PM, Royce Williams <royce at techsolvency.com> wrote:

[snip of CAA-record intro stuff]

> An explicit scan for CAA records (against, say, in
> all domains seen in DNS ANY) would likely be interesting.

Out of curiosity, I used zscan/zdns [1] to scan the OpenDNS top 1
million domains [2] for CAA records.

Only 37 popped up:

appspot-preview.com
appspot.com
centos.org
comodo.com
compricer.se
csswg.org
dnsimple.com
ekom21.de
entrust.net
fu-berlin.de
google.com
googleusercontent.com
hr.nl
hro.nl
instantssl.com
intra.net
magticom.ge
mail.de
minuporno.com
mobileread.com
monash.edu
ntplx.net
pdgamedev.com
posteo.de
pstatic.net
rio2016.com
samba.org
shat.net
sumologic.com
svwh.net
symantec.com
tensquaregames.com
thefacebook.com
tsheets.com
unfcu.org
uni-sofia.bg
weddingwire.com

1. https://github.com/zmap/zdns
2. https://blog.opendns.com/2016/12/14/cisco-umbrella-1-million/

Royce



More information about the NANOG mailing list