Symptoms
A CAA record was added to a domain either through UX1 by the owner of the domain or through PCP by Provider.
Example:
Domain name | Flag | Tag | Value |
example.com. | 0 | issue | ca.example.net |
A check on the DNS servers which run on PowerDNS shows that the record was also added:
Example:
[root@dns1 ~]# pdnsutil list-zone example.com | grep CAA example.com 3600 IN CAA 0 issue “ca.example.net
However, checking using (for example) dig returns no CAA record which shows that the record does not propagated (or more accurately cached) globally anytime at all.
Example:
[/home/myuser ~]# dig caa nsnk-orgel.server-queen.jp +short
✔
Eample of request with expected answer:
[/home/myuser ~]# dig caa google.com +short
0 issue "pki.goog"
Cause
The DNS servers are running on PowerDNS version less that version 4.0.0.
PowerDNS only starts to support CAA record (type 257) per se since version 4.0.0.
Official upgrade notice from PowerDNS can be obtained from here.
To check which PowerDNS version installed on a certain DNS server, please use this command:
pdns_server --version
Resolution
CloudBlue Commerce 20.5 supports PowerDNS 4.1.4. It is officially stated in the CloudBlue Commerce 20.5 documentation here.
To upgrade to this version please follow instructions from a KCS article here.