Uploaded image for project: 'EJBCA'
  1. EJBCA
  2. ECA-6127

CAA Validator should only lookup CAA records instead of ANY

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Critical
    • Resolution: Fixed
    • Affects Version/s: EJBCA 6.9.0.6
    • Fix Version/s: EJBCA 6.9.1
    • Component/s: None
    • Labels:

      Description

      -Turns out that not all DNS's allow requesting ANY-records, so we should split it up into several lookups. -

      -Since we already have the ANY-option, I suggest making this a configurable choice - do one lookup with ANY, or make several lookups for the specific records. -

      Turns out that requesting CAA records will return all connected records as well.

      RFC 1034:

      When a name server fails to find a desired RR in the resource set associated with the
             domain name, it checks to see if the resource set consists of a CNAME
             record with a matching class.  If so, the name server includes the CNAME
             record in the response and restarts the query at the domain name
             specified in the data field of the CNAME record.
      

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                bastianf Bastian Fredriksson
                Reporter:
                mikek Mike Agrenius Kushner
                Verified by:
                Mike Agrenius Kushner
              • Votes:
                0 Vote for this issue
                Watchers:
                3 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:

                  Time Tracking

                  Estimated:
                  Original Estimate - 4 days
                  4d
                  Remaining:
                  Remaining Estimate - 3 days, 7 hours, 50 minutes
                  3d 7h 50m
                  Logged:
                  Remaining Estimate - 3 days, 7 hours, 50 minutes
                  10m