How can I implement a function that checks if a `CAA query timed out` problem will occur when registering an SSL certificate for a domain name with `certbot`?
For example, the function should return `true` when given `www.babushop.com.tw` as the input, because unboundtest.com returns a timeout (see check result here) when checking the CAA record for the `www.babushop.com.tw` domain.

And the function should return `false` when the input is `app.tophood.com.tw`, because unboundtest.com doesn’t return a timeout (see check result here) when checking the CAA record for `app.tophood.com.tw`.

I cannot trigger `certbot` directly to check if there’s a `CAA query timed out` problem with the given domain name, because this function should be triggered before the given domain points to the server of my company.
Here’s what I have done with node.js:
```javascript
const dns = require('dns-socket')

const defaultDNS = '10.11.1.5' // My DNS server
const socket = dns()

// Send a single CAA question for domainName to defaultDNS on port 53
// and log whatever the callback receives.
function checkCaa (domainName) {
  console.log(`domainName: ${domainName}`)
  socket.query({
    questions: [{
      type: 'CAA',
      name: domainName
    }]
  }, 53, defaultDNS, (err, res) => {
    // err is null on success; res is undefined when the query timed out
    console.error(`Error: ${err}`)
    console.log(`Response: ${JSON.stringify(res)}`)
    socket.destroy()
  })
}

checkCaa('www.babushop.com.tw')
```
The `dns-socket` module can be found here.

I found that my function returns different results when I execute it multiple times. This makes it difficult for me to determine if a `CAA query timed out` problem will occur with the given domain name.
For example, when I run the function for the first time, it returns:
```
domainName: www.babushop.com.tw
Error: Error: Query timed out
Response: undefined
```
And here’s the execution result when I run it for the second time:
```
domainName: www.babushop.com.tw
Error: null
Response: {"id":57224,"type":"response","flags":386,"questions":[{"name":"www.babushop.com.tw","type":"CAA","class":1}],"answers":[],"authorities":[],"additionals":[]}
```
It seems that something got cached inside my DNS server.
Does anyone know a better way to determine if a `CAA query timed out` problem will occur before running `certbot` to register a domain name?
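
An added example, not part of the original post: it classifies callback results in the shape shown above and walks the parent names that RFC 8659 CAA tree climbing visits. The low four bits of the DNS header flags are the RCODE, so `flags: 386` in the second run decodes to RCODE 2 (SERVFAIL), not a clean empty answer. The function names and the injected `queryFn(name, cb)` wrapper are hypothetical, and the resolver is injected so the block runs offline.

```javascript
// Added example: function names and the queryFn wrapper are hypothetical.
const RCODE_SERVFAIL = 2
const RCODE_NXDOMAIN = 3

// RFC 8659 tree climbing: the CAA lookup starts at the name itself and
// moves up one label at a time, so a failure can occur at any of these names.
function caaNamesToCheck (domainName) {
  const labels = domainName.replace(/\.$/, '').toLowerCase().split('.')
  return labels.map((_, i) => labels.slice(i).join('.'))
}

// Classify one (err, res) pair in the shape the dns-socket callback delivers.
// The RCODE is the low 4 bits of the header flags: 386 = 0x182 -> RCODE 2.
// A cached SERVFAIL from the recursive resolver looks like "no error" otherwise.
function classifyCaaResult (err, res) {
  if (err) return /timed out/i.test(String(err.message || err)) ? 'timeout' : 'error'
  if (!res) return 'error'
  const rcode = res.flags & 0x0f
  if (rcode === RCODE_SERVFAIL) return 'servfail'
  if (rcode !== 0 && rcode !== RCODE_NXDOMAIN) return 'error'
  return (res.answers || []).some(a => a.type === 'CAA') ? 'found' : 'none'
}

// queryFn(name, cb) is an assumed wrapper around
// socket.query({ questions: [{ type: 'CAA', name }] }, 53, server, cb).
// Resolves true when any lookup in the climb times out, SERVFAILs or errors.
function caaLookupFails (domainName, queryFn) {
  const names = caaNamesToCheck(domainName)
  const step = i => new Promise(resolve => {
    if (i >= names.length) return resolve(false) // reached the top, no failure
    queryFn(names[i], (err, res) => {
      const verdict = classifyCaaResult(err, res)
      if (verdict === 'found') return resolve(false) // climb stops at first CAA set
      if (verdict === 'none') return resolve(step(i + 1))
      resolve(true)
    })
  })
  return step(0)
}

// The two results shown in the post, replayed through the classifier.
const firstRun = classifyCaaResult(new Error('Query timed out'), undefined)
const secondRun = classifyCaaResult(null, { flags: 386, answers: [] })
console.log(firstRun, secondRun)
```

Treating `servfail` the same as `timeout` makes repeated runs against a caching resolver agree with each other.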