[cabfpub] Checking CAA oneself
Andrew Ayer
andrew at sslmate.com
Thu Sep 22 15:15:12 UTC 2016
On Thu, 22 Sep 2016 15:59:38 +0100
Gervase Markham <gerv at mozilla.org> wrote:
> Hi everyone,
>
> Sorry if this is a bit lazy of me, but does anyone have either or
> both of:
>
> * A command-line one-liner; or
> * A web page tool
>
> for checking the CAA record of a domain? I'm sure I used to have a
> one-liner which even decoded the encoding, but I can't find it now.
> And lots of the online DNS tools don't seem to understand CAA.
If you have a new enough version of BIND, you can just use host or dig
like any other record type:
host -t CAA google.com
dig google.com CAA
If that doesn't work, dns.google.com supports CAA:
https://dns.google.com/query?name=google.com&type=CAA
Regards,
Andrew
More information about the Public
mailing list