Hi Anders! I think the CAA record generator for tinydns is buggy: a BIND9 zone transfer doesn't like a CAA record generated by this and served by tinydns. The encoding looks suspicious: \005issue without a \000? a char-string without length?
The second byte is pure garbage. Full record should be: 000569737375656C657473656E63727970742E6F7267 00 - flags 05 - length of tag 6973737565 - tag ("issue") C657473656E63727970742E6F7267 - value ("http://letsencrypt.org ")
-
-
Thanks. Going to dive into the code and understand what's happening.
-
You're welcome! Let me know what you find, so I can make a note on https://sslmate.com/caa/support if necessary.
- 4 more replies
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.