View Issue Details
|ID||Project||Category||View Status||Date Submitted||Last Update|
|0012651||administration||security||public||2017-01-14 11:13||2018-03-26 12:12|
|Target Version||Fixed in Version|
|Summary||0012651: Add CAA DNS RR to centos.org|
|Description||DNS Certification Authority Authorization (CAA) is specified by RFC 6844, see e.g. https://en.wikipedia.org/wiki/DNS_Certification_Authority_Authorization for more details. As of writing, there is no CAA DNS RR for the zone centos.org.
At https://sslmate.com/labs/caa/ there is a web-based generator (including RFC 3597 syntax for old BIND installations).
centos.org. CAA 0 issue "digicert.com"
centos.org. CAA 0 issue "letsencrypt.org"
centos.org. CAA 0 issuewild ";"
centos.org. CAA 0 iodef "mailto:email@example.com"
Having the records also for other CentOS related domains/zones might make sense.
|Tags||No tags attached.|
DNS records added for centos.org
Can you confirm that it works for you?
$ host -t CAA centos.org
centos.org has CAA record 0 issue "letsencrypt.org"
centos.org has CAA record 0 issue "digicert.com"
centos.org has CAA record 0 issuewild "\;"
Looks good to me. I guess not having "iodef" (to have possible violations reported to that e-mail address - like in my suggestion) is intended, right?
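How a CA would read the record set in the `host` output above, as an added example that is not part of the original issue or of any CentOS tooling: it parses `host -t CAA` output (including the `\;` presentation-format escape) and applies the RFC 6844 issue/issuewild rules. The function names and the CA name `example-ca.test` used in testing are assumptions for illustration, and the check covers one record set only, with no climbing to parent domains or CNAME handling.

```python
import re

# Sample input: the `host -t CAA centos.org` output quoted in the issue.
HOST_OUTPUT = r'''centos.org has CAA record 0 issue "letsencrypt.org"
centos.org has CAA record 0 issue "digicert.com"
centos.org has CAA record 0 issuewild "\;"
'''

LINE_RE = re.compile(r'^\S+ has CAA record (\d+) (\w+) "(.*)"$')
KNOWN_TAGS = {"issue", "issuewild", "iodef"}

def parse_host_caa(text):
    """Return a list of (flags, tag, value) tuples from `host -t CAA` output."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        flags, tag, value = m.groups()
        # host prints DNS presentation format, so ";" is shown as "\;".
        value = re.sub(r'\\(.)', r'\1', value)
        records.append((int(flags), tag.lower(), value))
    return records

def issuer_domain(value):
    """Issuer domain of an issue/issuewild value; '' (from ";") means no CA."""
    return value.split(';', 1)[0].strip().lower()

def may_issue(records, ca_domain, wildcard=False):
    """Decide whether ca_domain may issue under this CAA record set."""
    # An unknown property with the critical bit (128) set forbids issuance.
    if any(flags & 128 and tag not in KNOWN_TAGS for flags, tag, _ in records):
        return False
    issue = [v for _, t, v in records if t == "issue"]
    issuewild = [v for _, t, v in records if t == "issuewild"]
    # For wildcard names, issuewild (when present) replaces issue entirely.
    relevant = issuewild if (wildcard and issuewild) else issue
    if not relevant:
        return True  # no relevant property: issuance is not restricted
    return ca_domain.lower() in {issuer_domain(v) for v in relevant}
```

With the records from the issue, both listed CAs are allowed for `centos.org` itself, while a wildcard request is refused for every CA because of `issuewild ";"`.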
|2017-01-14 11:13||rsc||New Issue|
|2017-01-17 07:27||arrfab||Status||new => acknowledged|
|2017-01-17 10:08||arrfab||Status||acknowledged => feedback|
|2017-01-17 10:08||arrfab||Note Added: 0028380|
|2017-01-17 11:10||rsc||Note Added: 0028383|
|2017-01-17 11:10||rsc||Status||feedback => assigned|
|2017-01-17 11:13||arrfab||Status||assigned => resolved|
|2017-01-17 11:13||arrfab||Resolution||open => fixed|