View Issue Details

IDProjectCategoryView StatusLast Update
0012651administrationsecuritypublic2018-03-26 12:12
Reporterrsc 
PrioritynormalSeverityminorReproducibilityN/A
Status resolvedResolutionfixed 
Product Version 
Target VersionFixed in Version 
Summary0012651: Add CAA DNS RR to centos.org
DescriptionDNS Certification Authority Authorization (CAA) is specified by RFC 6844, see e.g. https://en.wikipedia.org/wiki/DNS_Certification_Authority_Authorization for more details. As of writing, there is no CAA DNS RR for the zone centos.org

At https://sslmate.com/labs/caa/ there is a webbased generator (including RFC 3597 syntax for old BIND installations).

centos.org. CAA 0 issue "digicert.com"
centos.org. CAA 0 issue "letsencrypt.org"
centos.org. CAA 0 issuewild ";"
centos.org. CAA 0 iodef "mailto:hostmaster@centos.org"

Having the records also for other CentOS related domains/zones might make sense.
TagsNo tags attached.

Activities

arrfab

arrfab

2017-01-17 10:08

administrator   ~0028380

DNS records added for centos.org
Can you confirm that it works for you ?
rsc

rsc

2017-01-17 11:10

reporter   ~0028383

$ host -t CAA centos.org
centos.org has CAA record 0 issue "letsencrypt.org"
centos.org has CAA record 0 issue "digicert.com"
centos.org has CAA record 0 issuewild "\;"
$

Looks good to me. I guess having not "iodef" (to have possible violations reported to that e-mail address - like in my suggestion) is intended, right?

Issue History

Date Modified Username Field Change
2017-01-14 11:13 rsc New Issue
2017-01-17 07:27 arrfab Status new => acknowledged
2017-01-17 10:08 arrfab Status acknowledged => feedback
2017-01-17 10:08 arrfab Note Added: 0028380
2017-01-17 11:10 rsc Note Added: 0028383
2017-01-17 11:10 rsc Status feedback => assigned
2017-01-17 11:13 arrfab Status assigned => resolved
2017-01-17 11:13 arrfab Resolution open => fixed