We’re implementing a CAA pre-check as part of our application’s pre-order verification process.
Given a CAA verification for
www.example.com. Assume that
www.example.com/CAA fails SERVFAIL, but
example.com returns NOERROR.
From my reading of CAB 1.6.6, it appears that, in this situation, a CA would ignore the SERVFAIL, and apply
example.com’s CAA authorization value to
Thank you for your time!