Description of problem:
Adding DNS records for DNS Certification Authority Authorization (CAA) as
specified in RFC 6844 to a zone file in BIND does not work, because BIND is
not aware about the RRs in version 9.9.4:
redhat.com. CAA 0 issue "symantec.com"
redhat.com. CAA 0 issuewild "digicert.com"
Instead you need to specify them according to the RFC 3597 syntax:
redhat.com. TYPE257 \# 19 0005697373756573796D616E7465632E636F6D
redhat.com. TYPE257 \# 23 0009697373756577696C6464696769636572742E636F6D
Version-Release number of selected component (if applicable):
Everytime, see above.
No support for "CAA" DNS RR (only RFC 3597 syntax supported)
Please backport "CAA" DNS RR support from BIND 9.9.6, rebase to BIND 9.9.6,
or any better of course.
Cross-filed case 01772732 on the Red Hat customer portal.
This issue seems to already be fixed in bug #1306610, which is already fixed. See
Is there something missing?
Unfortunately bug #1306610 is not publically accessible, but it seems you
are right, CAA records seem to work at all places as they should. So let's
close this, please.