I’ve just hit a new customer signup who are using this mob, and… it ain’t pretty.
Like you, @jsha, I can’t figure out exactly what the problem is with their service of CAA records. It might be that the responses are corrupted, although I’m surprised that unbound doesn’t shout a big warning about that.
It definitely seems their DNS servers are broken in many spectacular and varied ways. When I `dig @ns2.namebrightdns.com nonexistentname.threadbanger.com` I get a vaguely consistent (`NXDOMAIN`!) response that includes the warning “Message has 11 extra bytes at the end”. On the other hand, if I ask for a CAA record (for a name that does or doesn’t exist) I get a response that indicates it has one `ADDITIONAL` record, but none is printed. Worse, their servers are so screwed up that if I resolve a name that I know is a CNAME (`forum.threadbanger.com`) it only answers with the CNAME for `AAAA` requests – everything else gets an empty `NOERROR` (most with “11 extra bytes at the end”).
Essentially, I think these people are running maxtremely shonky software. I don’t know what, because the usual `bind.version` query doesn’t return anything, which leads me to think it’s probably home-grown. I’ve advised our customer to find a new DNS provider, because I can’t imagine all this crazy is going to be fixed real quick.
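
The two symptoms described in the post above (trailing bytes after the last record, and a header count that promises a record the body does not contain) can be checked mechanically by walking a raw response according to its header counts. This is an added example, not part of the original post; the function names and both sample messages are constructed for illustration and are not captures from the servers discussed.

```python
import struct

RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN"}

def skip_name(msg, off):
    """Return the offset just past the (possibly compressed) name at off."""
    while True:
        length = msg[off]              # IndexError if the message ends mid-name
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:      # compression pointer: two bytes, ends the name
            return off + 2
        off += 1 + length

def audit_response(msg):
    """Walk a DNS message by its header counts; return (rcode, problems)."""
    _id, flags, qd, an, ns, ar = struct.unpack("!6H", msg[:12])
    promised, parsed, off, problems = an + ns + ar, 0, 12, []
    try:
        for _ in range(qd):
            off = skip_name(msg, off) + 4          # QTYPE and QCLASS
        if off > len(msg):
            raise IndexError("question section is truncated")
        for _ in range(promised):
            fixed = skip_name(msg, off)            # TYPE, CLASS, TTL, RDLENGTH follow
            (rdlen,) = struct.unpack("!H", msg[fixed + 8:fixed + 10])
            if fixed + 10 + rdlen > len(msg):
                raise IndexError("RDATA runs past the end of the message")
            off, parsed = fixed + 10 + rdlen, parsed + 1
    except (IndexError, struct.error):
        problems.append(f"message ends early: {parsed} of {promised} promised records parse")
    if parsed == promised and off < len(msg):
        problems.append(f"{len(msg) - off} extra bytes at the end")
    return RCODES.get(flags & 0xF, str(flags & 0xF)), problems

# Constructed sample messages (assumptions for the demo, not real captures).
def build(flags, qname, qtype, ar=0, trailer=b""):
    labels = b"".join(bytes([len(l)]) + l.encode() for l in qname.split("."))
    header = struct.pack("!6H", 0x1234, flags, 1, 0, 0, ar)
    return header + labels + b"\x00" + struct.pack("!2H", qtype, 1) + trailer

NXDOMAIN_PADDED = build(0x8403, "nonexistentname.threadbanger.com", 1, trailer=bytes(11))
CAA_PHANTOM_AR = build(0x8400, "forum.threadbanger.com", 257, ar=1)  # 257 = CAA

if __name__ == "__main__":
    for sample in (NXDOMAIN_PADDED, CAA_PHANTOM_AR):
        print(audit_response(sample))
```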