CAA prevents DNS propagation

Ubuntu Linux 18.04.2
BIND version 9.11

I have this on line 20 in my /var/lib/bind/

dns: IN CAA 0 issue “ IN CAA 0 issuewild “;”

It produced this output from BIND in syslog:

/var/lib/bind/ unknown RR type ‘’
zone loading from master file /var/lib/bind/ failed: unknown class/type
zone not loaded due to errors.

This prevents DNS propagation from the registrar of this domain because the DNS zone is never loaded.

Hi @conandrum

if you have a CAA problem, your domain is relevant.

And ";" blocks all. So you can't create a certificate.

Wow that was fast. Thanks for replying.
What should I have there to avoid these problems?

You might find this tool helpful to generate a CAA policy.

Thanks for this tool which gave me this:

Standard Zone File

For BIND ≥9.9.6, PowerDNS ≥4.0.0, NSD ≥4.0.1, Knot DNS ≥2.2.0

IN CAA 0 issue “
IN CAA 0 issue “

My question now is this:
How do I place the above 2 lines on a single line? Do I separate them with a semicolon?
And what about 'dns: '? Before I had 'dns: IN CAA …etc'
Is 'dns: ' not required?

You don't. The tool shows you the appropriate config for Bind. The 2 lines stay on 2 lines.

I have never seen a config file for Bind with this prefix, are you sure you are running Bind?


Sure I am running BIND.
'dns: ' I cannot remember where I got that… probably followed some guide and it wrongly ended up in my definition.
2 separate lines… OK
See, I am using virtualmin:

virtualmin modify-template --name "Default Settings" --setting dns --value '{DOM}. IN CAA 0 issue "" {DOM}. IN CAA 0 issuewild ";"'

The value is a string, I guess I have to echo the string with a new line separating the 2 lines.

Thanks to all
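The points raised in this thread (one CAA record per line, ASCII quotes, no stray owner prefix, and what `";"` means for issuance) can be checked before a zone is reloaded. The following is an added example, not part of the original thread: a small linter that assumes one record per physical line without comments or parentheses, and uses the placeholder names `example.com` and `ca.example.net`.

```python
import re

# Constructed sample; example.com and ca.example.net are placeholders.
SAMPLE_ZONE = (
    'example.com. IN CAA 0 issue "ca.example.net"\n'
    'example.com. IN CAA 0 issuewild ";"\n'
    'dns: IN CAA 0 issue “ca.example.net” IN CAA 0 issuewild “;”\n'
)

# owner [ttl] [IN] CAA flags tag "value"
CAA_RE = re.compile(
    r'^(\S*)\s+(?:\d+\s+)?(?:IN\s+)?CAA\s+(\d+)\s+([A-Za-z0-9]+)\s+"([^"]*)"\s*$')

def lint_caa_line(line):
    """Return (record, problems); record is (tag, value) or None if unparsable."""
    problems = []
    if re.search('[“”‘’]', line):
        problems.append("typographic quotes; use ASCII double quotes")
    if len(re.findall(r'\bCAA\b', line)) > 1:
        problems.append("more than one CAA record on a line")
    if re.match(r'\S+:\s', line):
        problems.append("owner field ends in ':' (stray prefix?)")
    m = CAA_RE.match(line)
    if not m:
        problems.append('not in the form: owner [ttl] [IN] CAA flags tag "value"')
        return None, problems
    return (m.group(3).lower(), m.group(4)), problems

def lint_zone(text):
    """Return (clean records, {line number: problems}) for CAA lines in text."""
    records, report = [], {}
    for n, line in enumerate(text.splitlines(), 1):
        if "CAA" not in line:
            continue
        rec, problems = lint_caa_line(line)
        if problems:
            report[n] = problems
        elif rec:
            records.append(rec)
    return records, report

def authorized_cas(records, wildcard=False):
    """RFC 8659 relevant-set logic. None means CAA does not restrict issuance;
    an empty set means no CA may issue (every value was the empty issuer ';')."""
    tags = {t: [v for tag, v in records if tag == t] for t in ("issue", "issuewild")}
    values = tags["issuewild"] if wildcard and tags["issuewild"] else tags["issue"]
    if not values:
        return None
    # The issuer domain is the text before any ';' parameters.
    return {v.split(";")[0].strip() for v in values} - {""}
```

BIND's own `named-checkzone` remains the authoritative syntax check before a reload; this sketch only flags the specific mistakes discussed above.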

