[cabfpub] Fwd: [Bug 882128] Support CAA records on mozilla.org domain

Rick Andrews Rick_Andrews at symantec.com
Mon Sep 8 16:09:29 UTC 2014 

Thanks for the heads up, Gerv. I have a contact at Akamai that I hope can get me to someone who can help.

One bit of news is that I managed to convince ISC to add CAA support to their upcoming version of BIND: version 9.9.6 (currently in release candidate) has support for CAA. See https://kb.isc.org/article/AA-01202/81/BIND-9.9.6rc1-Release-Notes.html. I'll try to find out if that's the software that Akamai uses.

-Rick

-----Original Message-----
From: public-bounces at cabforum.org [mailto:public-bounces at cabforum.org] On Behalf Of Gervase Markham
Sent: Monday, September 08, 2014 6:30 AM
To: CABFPub
Subject: [cabfpub] Fwd: [Bug 882128] Support CAA records on mozilla.org domain

Dear CAB Forum members,

Here's the final determination on why we aren't able to support CAA on mozilla.org at the moment. I started pushing for this because people thought it would be good to get implementation experience; well, here is some :-) If anyone has security contacts inside Akamai who they can encourage to support this, do go ahead.

Gerv

-------- Forwarded Message --------
Subject: [Bug 882128] Support CAA records on mozilla.org domain
Date: Fri, 05 Sep 2014 19:42:27 +0000
From: Bugzilla at Mozilla <bugzilla-daemon at mozilla.org>
To: gerv at mozilla.org

https://bugzilla.mozilla.org/show_bug.cgi?id=882128

Brian Hourigan [:digi] <bhourigan at mozilla.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
              Flags|needinfo?(bhourigan at mozilla |
                   |.com)                       |

--- Comment #45 from Brian Hourigan [:digi] <bhourigan at mozilla.com>
2014-09-05 12:42:27 PDT ---
I just contacted Akamai CCARE and they confirmed CAA records are not supported.
Our architecture is setup so Akamai AXFRs data from our BIND based hidden masters. While our side would support the record, their ZTA (zone transfer
agent) and proprietary DNS server does not.

--
Configure bugmail: https://bugzilla.mozilla.org/userprefs.cgi?tab=email

-------------------------------
Product/Component: Infrastructure & Operations :: WebOps: Other



------- You are receiving this mail because: ------- You are on the CC list for the bug.
You reported the bug.


_______________________________________________
Public mailing list
Public at cabforum.org
https://cabforum.org/mailman/listinfo/public

More information about the Public mailing list