[cabfpub] Checking CAA oneself
Peter Bowen
pzb at amzn.com
Sat Sep 24 14:47:35 UTC 2016
> On Sep 22, 2016, at 8:40 AM, Gervase Markham <gerv at mozilla.org> wrote:
>
> On 22/09/16 16:03, J.C. Jones wrote:
>> Pretty sure I got this from you at some point. :)
>>
>> dig +short -t TYPE257 "$@" | perl -nE '@x = split(); say map(chr, map { hex } ($x[2] =~ m/../g ))'
>
> Thanks everyone! And in return, here's an improved version which can
> deal with longer entries, like Comodo's:
>
> dig +short -t TYPE257 "$@" | perl -nE '@x = split(); splice(@x, 0, 2);
> say map(chr, map { hex } (join("", @x) =~ m/../g ))'
>
> It seems depressingly few domains deploy CAA, having checked a selection
> of famous ones. Perhaps we need more publicity for it.
Keep in mind that the CAA spec is far more complicated than a single query. See https://tools.ietf.org/html/rfc6844#section-4 for the algorithm to determine which queries need to happen for a given name.
Thanks,
Peter
More information about the Public
mailing list