Hi Anders! I think the CAA record generator for tinydns is buggy: a BIND9 zone transfer doesn't like a CAA record generated by this and served by tinydns. The encoding looks suspicious: \005issue without a \000? a char-string without length?
The second byte is pure garbage. Full record should be: 000569737375656C657473656E63727970742E6F7267
00 - flags
05 - length of tag
6973737565 - tag ("issue")
C657473656E63727970742E6F7267 - value ("http://letsencrypt.org")
-
-
Thanks. Going to dive into the code and understand what's happening.
-
You're welcome! Let me know what you find, so I can make a note on https://sslmate.com/caa/support if necessary.
-
Should be fixed now.
@anders94's generator writes \128 instead of \200 when setting the flag! The value is interpreted in octal, not decimal, so \128 was interpreted as \12 '8' (the 0A38 you saw). It's all a lot simpler than I feared.
-
Hey - interested in fixing this. Had \200 but https://twitter.com/kg4zow/status/978327788884254720 … claims it should be \128. Thoughts?
-
Aah - I have it backwards - never mind. Fixed.
-
Thanks!
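The octal-versus-decimal mix-up discussed in this thread, as an added example (not code from the generator or from any participant): it builds CAA RDATA, writes it as a tinydns generic record with octal escapes, and decodes escapes with at most three octal digits per backslash, as tinydns-data does. The function names, `example.com` and the TTL are assumptions made for illustration.

```python
import re

CAA_TYPE = 257                      # DNS RR type number for CAA
_SAFE = set(b"abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-.")
_OCTAL = re.compile(r"[0-7]{1,3}")  # at most three octal digits follow a backslash

def caa_rdata(flags, tag, value):
    """CAA RDATA: flags byte, tag-length byte, tag, then the value with no length prefix."""
    t = tag.encode("ascii")
    if not 0 <= flags <= 255 or not 1 <= len(t) <= 255:
        raise ValueError("flags or tag length out of range")
    return bytes([flags, len(t)]) + t + value.encode("ascii")

def tinydns_escape(data):
    """Write every byte outside [A-Za-z0-9.-] as a three-digit OCTAL escape."""
    return "".join(chr(b) if b in _SAFE else "\\%03o" % b for b in data)

def tinydns_unescape(text):
    """Decode backslash escapes as octal, so a decimal-style 128 is read as 12 plus '8'."""
    out, i = bytearray(), 0
    while i < len(text):
        ch = text[i]
        i += 1
        if ch != "\\":
            out.append(ord(ch))     # assumes ASCII input
            continue
        if i >= len(text):          # lone trailing backslash: nothing to decode
            break
        m = _OCTAL.match(text, i)
        if m:
            out.append(int(m.group(), 8) & 0xFF)
            i = m.end()
        else:                       # backslash before a non-octal char: take it literally
            out.append(ord(text[i]))
            i += 1
    return bytes(out)

def tinydns_caa_line(fqdn, flags, tag, value, ttl=86400):
    """Generic tinydns-data record line: :fqdn:type:rdata:ttl"""
    rdata = tinydns_escape(caa_rdata(flags, tag, value))
    return ":%s:%d:%s:%d" % (fqdn, CAA_TYPE, rdata, ttl)

if __name__ == "__main__":
    # Constructed sample: critical flag (128) for a hypothetical example.com zone.
    print(tinydns_caa_line("example.com", 128, "issue", "letsencrypt.org"))
    print(tinydns_unescape("\\128\\005issue").hex())   # decimal-style escape, misread
    print(tinydns_unescape("\\200\\005issue").hex())   # octal escape, as intended
```

Decoding a generated line with `tinydns_unescape` and comparing the bytes against `caa_rdata` is a quick regression check for a generator like the one discussed here.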