[cabfpub] Checking CAA oneself

Andrew Ayer andrew at sslmate.com
Thu Sep 22 15:15:12 UTC 2016


On Thu, 22 Sep 2016 15:59:38 +0100
Gervase Markham <gerv at mozilla.org> wrote:

> Hi everyone,
> 
> Sorry if this is a bit lazy of me, but does anyone have either or
> both of:
> 
> * A command-line one-liner; or
> * A web page tool
> 
> for checking the CAA record of a domain? I'm sure I used to have a
> one-liner which even decoded the encoding, but I can't find it now.
> And lots of the online DNS tools don't seem to understand CAA.

If you have a new enough version of BIND, you can just use host or dig
like any other record type:

	host -t CAA google.com
	dig google.com CAA

If that doesn't work, dns.google.com supports CAA:

	https://dns.google.com/query?name=google.com&type=CAA

Regards,
Andrew



More information about the Public mailing list