[cabfpub] Checking CAA oneself

Peter Bowen pzb at amzn.com
Sat Sep 24 14:47:35 UTC 2016


> On Sep 22, 2016, at 8:40 AM, Gervase Markham <gerv at mozilla.org> wrote:
> 
> On 22/09/16 16:03, J.C. Jones wrote:
>> Pretty sure I got this from you at some point. :)
>> 
>> dig +short -t TYPE257 "$@" | perl -nE '@x = split(); say map(chr, map { hex } ($x[2] =~ m/../g ))'
> 
> Thanks everyone! And in return, here's an improved version which can
> deal with longer entries, like Comodo's:
> 
> dig +short -t TYPE257 "$@" | perl -nE '@x = split(); splice(@x, 0, 2);
> say map(chr, map { hex } (join("", @x) =~ m/../g ))'
> 
> It seems depressingly few domains deploy CAA, having checked a selection
> of famous ones. Perhaps we need more publicity for it.

Keep in mind that the CAA spec is far more complicated than a single query.  See https://tools.ietf.org/html/rfc6844#section-4 for the algorithm to determine which queries need to happen for a given name.

Thanks,
Peter
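
The lookup described in RFC 6844 section 4, as an added example that is not part of the original thread: if CAA(X) is empty, follow the CNAME/DNAME target A(X), and if that yields nothing, climb to the parent P(X) until a top-level domain is reached. The zone data, the names in it and the alias-loop guard are assumptions made for illustration; the decoder follows the RDATA layout (flags byte, tag length byte, tag, value) that the one-liners above print raw.

```python
# Added example: RFC 6844 section 4 lookup over a constructed in-memory zone.
# ZONE and every name in it are made up; replace the dict lookups with real
# CAA and CNAME/DNAME queries to run it against live DNS.

def rdata(tag, value, flags=0):
    """Build TYPE257 RDATA hex the way dig prints it (constructed sample data)."""
    return (bytes([flags, len(tag)]) + tag.encode() + value.encode()).hex().upper()

def decode_caa(hex_rdata):
    """Split RDATA into (flags, tag, value): flags byte, tag length byte, tag, value."""
    raw = bytes.fromhex(hex_rdata)
    if len(raw) < 2 or not 1 <= raw[1] <= len(raw) - 2:
        raise ValueError("malformed CAA RDATA")
    end = 2 + raw[1]
    return raw[0], raw[2:end].decode("ascii"), raw[end:].decode("ascii")

ZONE = {  # constructed: name -> CAA RDATA list and/or alias target
    "example.com": {"caa": [rdata("issue", "ca.example")]},
    "shop.example.com": {"alias": "store.hosting.example"},
    "hosting.example": {"caa": [rdata("issue", "other-ca.example")]},
    "a.loop.test": {"alias": "b.loop.test"},
    "b.loop.test": {"alias": "a.loop.test"},
}

def relevant_caa(name, zone, seen=None):
    """Return R(X), the relevant record set for name, per RFC 6844 section 4."""
    seen = set() if seen is None else seen
    name = name.rstrip(".").lower()
    if name in seen:   # loop guard (an addition here, not part of the RFC text)
        return []
    seen.add(name)
    node = zone.get(name, {})
    if node.get("caa"):                      # CAA(X) is not empty
        return [decode_caa(h) for h in node["caa"]]
    if node.get("alias"):                    # A(X) is not null
        via_alias = relevant_caa(node["alias"], zone, seen)
        if via_alias:
            return via_alias
    if "." in name:                          # X is not a top-level domain
        return relevant_caa(name.split(".", 1)[1], zone, seen)
    return []                                # R(X) is empty

if __name__ == "__main__":
    for host in ("www.example.com", "shop.example.com", "host.nocaa.test"):
        print(host, relevant_caa(host, ZONE))
```

For shop.example.com a single CAA query returns nothing, and the record set that applies comes from the alias target's parent rather than from example.com.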

