[cabfpub] CAA records on google.com

Phillip Hallam-Baker philliph at comodo.com
Fri Jul 12 23:42:24 UTC 2013


JeffH is right. Each entry needs a separate CAA record. This would create one record with the wrong data field.

The reason the records are difficult to read is that BIND does not yet support CAA; they need to rev the code to print the records pretty. The TYPE257 syntax is a hack that allows a legacy server to use new record types without recompiling.


On Jun 27, 2013, at 4:41 PM, Gervase Markham <gerv at mozilla.org> wrote:

> On 19/06/13 13:10, Adam Langley wrote:
>> google.com is now serving two CAA[1] records:
>> 
>> $ dig +short -t TYPE257 google.com
>> \# 19 0005697373756573796D616E7465632E636F6D
>> \# 23 0009697373756577696C6473796D616E7465632E636F6D
>> 
>> These correspond (I hope) to "issue" and "issuewild" records with a
>> value of "symantec.com". 
> 
> I'm sure there's a good reason, but I can't find it in the RFC - why are
> the values encoded in this opaque way? Every other type of record I
> 'dig' for seems human-readable. Is this because 'dig' does special
> processing for common record types which it doesn't do for this type
> (and needs to)?
> 
> Gerv
> _______________________________________________
> Public mailing list
> Public at cabforum.org
> https://cabforum.org/mailman/listinfo/public
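
The two TYPE257 answers quoted above can be decoded by hand. The following is an added example, not part of the original thread: it assumes the RFC 3597 generic text form (`\# <length> <hex>`) and the RFC 6844 CAA RDATA layout (flags byte, tag-length byte, tag, value), and the function names are illustrative.

```python
import re
from typing import NamedTuple

class CAA(NamedTuple):
    critical: bool   # bit 0x80 of the flags byte (issuer critical)
    tag: str
    value: str

def parse_generic_rdata(text: str) -> bytes:
    r"""Turn RFC 3597 text form '\# <length> <hex>' into raw RDATA bytes."""
    parts = text.split()
    if len(parts) < 2 or parts[0] != r"\#":
        raise ValueError("not RFC 3597 generic RDATA")
    data = bytes.fromhex("".join(parts[2:]))
    if len(data) != int(parts[1]):
        raise ValueError("declared length does not match hex payload")
    return data

def decode_caa(rdata: bytes) -> CAA:
    """Decode CAA RDATA: flags byte, tag-length byte, tag, then value."""
    if len(rdata) < 2:
        raise ValueError("CAA RDATA too short")
    flags, tag_len = rdata[0], rdata[1]
    tag = rdata[2:2 + tag_len]
    if tag_len == 0 or len(tag) != tag_len:
        raise ValueError("tag length is zero or runs past end of record")
    if not re.fullmatch(rb"[A-Za-z0-9]+", tag):
        raise ValueError("tag must be ASCII letters and digits")
    # The value is opaque bytes in general; escape anything non-ASCII.
    value = rdata[2 + tag_len:].decode("ascii", errors="backslashreplace")
    return CAA(bool(flags & 0x80), tag.decode("ascii").lower(), value)

def decode_dig_line(text: str) -> CAA:
    """Decode one line of `dig +short -t TYPE257` output."""
    return decode_caa(parse_generic_rdata(text))

# The two answers quoted in the thread above.
ANSWERS = [
    r"\# 19 0005697373756573796D616E7465632E636F6D",
    r"\# 23 0009697373756577696C6473796D616E7465632E636F6D",
]

if __name__ == "__main__":
    for line in ANSWERS:
        print(decode_dig_line(line))
```

Each answer decodes to exactly one tag/value pair, with the critical bit clear in both.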



