CAA prevents DNS propagation

Ubuntu Linux 18.04.2
BIND version 9.11

I have this on line 20 in my /var/lib/bind/mydomain.com.hosts

dns: mydomain.com. IN CAA 0 issue "letsencrypt.org" mydomain.com. IN CAA 0 issuewild ";"

It produced this output from BIND in syslog :

/var/lib/bind/mydomain.com.hosts:20: unknown RR type 'mydomain.com.'
zone mydomain.com/IN: loading from master file /var/lib/bind/mydomain.com.hosts failed: unknown class/type
zone mydomain.com/IN: not loaded due to errors.

This prevents DNS propagation from the registrar of this domain because the DNS zone is never loaded.

Hi @conandrum

If you have a CAA problem, your domain is relevant.

And ";" blocks all. So you can't create a certificate.


Wow that was fast. Thanks for replying.
What should I have there to avoid these problems?

You might find this tool helpful to generate a CAA policy.


Thanks for this tool which gave me this:

Standard Zone File

For BIND ≥9.9.6, PowerDNS ≥4.0.0, NSD ≥4.0.1, Knot DNS ≥2.2.0
mydomain.com. IN CAA 0 issue "letsencrypt.org"
mydomain.com. IN CAA 0 issue "sectigo.com"

My question now is this:
How do I place the above 2 lines on a single line? Do I separate them with a semicolon?
And what about 'dns: '? Before I had 'dns: mydomain.com IN CAA ...etc'
Is 'dns: ' not required?


You don't. The tool shows you the appropriate config for Bind. The 2 lines stay on 2 lines.

I have never seen a config file for Bind with this prefix; are you sure you are running Bind?

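To make the two replies above concrete (a CAA record occupies one line of the zone file, and a value of ";" authorises no CA), here is an added example that is not code from this thread or from BIND: a small checker that parses CAA lines in zone-file syntax, rejects the kinds of lines BIND refused here (a stray owner token such as "dns:", or a second record glued onto the same line), and then evaluates the resulting policy with RFC 8659 semantics (relevant RRset found by climbing toward the root, issue versus issuewild, empty issuer domain meaning "nobody"). The sample zone text, the record values and the CA names in it are constructed for the demonstration; the names mydomain.com, letsencrypt.org and sectigo.com are the ones the thread uses.

```python
"""Check CAA records in BIND-style zone text and evaluate the resulting policy.

Added example, not code from the thread or from BIND.  RFC 8659 semantics are
simplified: iodef is ignored and parameters after ';' in a value are dropped.
"""
import re
from dataclasses import dataclass

# One CAA record per line:  owner [TTL] [IN] CAA flags tag "value" [; comment]
_CAA_RE = re.compile(
    r'^(?P<owner>\S+)\s+(?:(?P<ttl>\d+)\s+)?(?:IN\s+)?CAA\s+'
    r'(?P<flags>\d+)\s+(?P<tag>[A-Za-z0-9]+)\s+"(?P<value>[^"]*)"\s*(?P<rest>.*)$',
    re.IGNORECASE,
)
# Owner names: '@' or a hostname-like label sequence (a colon, as in "dns:", is rejected).
_OWNER_RE = re.compile(r'^(@|[A-Za-z0-9_*.-]+)$')


@dataclass(frozen=True)
class CAARecord:
    owner: str   # fully qualified, lower-cased, with trailing dot
    flags: int   # bit 7 (128) is the "critical" flag
    tag: str     # issue / issuewild / iodef / ...
    value: str   # issuer domain, possibly followed by ";param=value"


def parse_caa_line(line):
    """Parse one zone-file line; raise ValueError for anything BIND would refuse."""
    m = _CAA_RE.match(line.strip())
    if not m:
        raise ValueError('not a CAA record: owner [TTL] [IN] CAA flags tag "value"')
    if not _OWNER_RE.match(m['owner']):
        raise ValueError(f"bad owner name {m['owner']!r}")
    rest = m['rest'].strip()
    if rest and not rest.startswith(';'):   # ';' starts a zone-file comment
        raise ValueError(f"trailing data after value: {rest!r} (one record per line)")
    return CAARecord(m['owner'].lower(), int(m['flags']), m['tag'].lower(), m['value'])


def check_zone(text):
    """Return (records, errors); errors are (line number, message) like BIND's ':20:'."""
    records, errors = [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.lstrip().startswith(';'):
            continue
        try:
            records.append(parse_caa_line(line))
        except ValueError as exc:
            errors.append((lineno, str(exc)))
    return records, errors


def relevant_rrset(records, name):
    """RFC 8659 section 3: walk from the name toward the root; first non-empty set wins."""
    labels = name.rstrip('.').lower().split('.')
    if labels and labels[0] == '*':          # *.example.com is evaluated at example.com
        labels = labels[1:]
    for i in range(len(labels)):
        owner = '.'.join(labels[i:]) + '.'
        rrset = [r for r in records if r.owner == owner]
        if rrset:
            return rrset
    return []


def may_issue(records, name, ca):
    """True if `ca` may issue for `name` (a wildcard request if name starts with '*.')."""
    rrset = relevant_rrset(records, name)
    # A critical record with a tag we do not understand means: do not issue.
    if any(r.flags & 128 and r.tag not in ('issue', 'issuewild', 'iodef') for r in rrset):
        return False
    wildcard = name.startswith('*.')
    tag = 'issuewild' if wildcard and any(r.tag == 'issuewild' for r in rrset) else 'issue'
    props = [r for r in rrset if r.tag == tag]
    if not props:                            # nothing restricts this request
        return True
    # Value is "<issuer-domain>[; param=value ...]"; ";" alone (empty domain) permits no CA.
    allowed = {r.value.split(';', 1)[0].strip().lower() for r in props}
    return ca.lower() in allowed


# Constructed samples: the thread's single broken line, and the two-line fix plus issuewild.
BROKEN_LINE = ('dns: mydomain.com. IN CAA 0 issue "letsencrypt.org" '
               'mydomain.com. IN CAA 0 issuewild ";"')
FIXED_ZONE = """\
mydomain.com. IN CAA 0 issue "letsencrypt.org"
mydomain.com. IN CAA 0 issue "sectigo.com"
mydomain.com. IN CAA 0 issuewild ";"
"""

if __name__ == '__main__':
    print(check_zone(BROKEN_LINE)[1])
    recs, errs = check_zone(FIXED_ZONE)
    print(errs, [(r.tag, r.value) for r in recs])
    for n, ca in [('mydomain.com.', 'letsencrypt.org'), ('www.mydomain.com.', 'sectigo.com'),
                  ('mydomain.com.', 'digicert.com'), ('*.mydomain.com.', 'letsencrypt.org')]:
        print(n, ca, may_issue(recs, n, ca))
```

Run it against a zone fragment before reloading named: the broken line is reported with its line number, the fixed zone parses to three records, letsencrypt.org and sectigo.com may issue for the apex and its subdomains, any other CA may not, and the issuewild ";" record blocks every wildcard request while leaving ordinary issuance alone.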

Sure I am running BIND.
'dns: ' I cannot remember where I got that... probably followed some guide and it wrongly ended up in my definition.
2 separate lines… OK
See, I am using virtualmin:

virtualmin modify-template --name "Default Settings" --setting dns --value '{DOM}. IN CAA 0 issue "letsencrypt.org" {DOM}. IN CAA 0 issuewild ";"'

The value is a string, I guess I have to echo the string with a new line separating the 2 lines.

Thanks to all
