Cannot create a CAA record in Azure DNS
Server Fault Asked by Larry Silverman on November 24, 2021
CAA records were introduced to Azure DNS in November 2017.
Today, I attempted to add one to a new DNS zone I created in US East 2.
I used the cloud Powershell so I wouldn’t have to wrestle with AzureRM module version problems.
$records = @()
$records += New-AzureRmDnsRecordConfig -Caaflags 0 -CaaTag "issue" -CaaValue "issuernumberone.com"
$records += New-AzureRmDnsRecordConfig -Caaflags 0 -CaaTag "issue" -CaaValue "issuernumbertwo.org"
$records += New-AzureRmDnsRecordConfig -Caaflags 0 -CaaTag "iodef" -CaaValue "mailto:[email protected]"
New-AzureRmDnsRecordSet -Name "caa" -RecordType CAA -ZoneName mydomain.com -ResourceGroupName DNS-rg -Ttl 3600 -DnsRecords $records
Get-AzureRmDnsRecordSet -RecordType CAA -ZoneName mydomain.com -ResourceGroupName DNS-rg
The commands all worked flawlessly. I was able to create and save the recordset. I was able to retrieve the recordset.
But dig tells another story.
$ dig mydomain.com @ns1-03.azure-dns.com. CAA
; <<>> DiG 9.10.3-P4 <<>> mydomain.com @ns1-03.azure-dns.com. CAA
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 51663
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4000
;; QUESTION SECTION:
;mydomain.com. IN CAA
;; AUTHORITY SECTION:
mydomain.com. 300 IN SOA ns1-03.azure-dns.com. azuredns-hostmaster.microsoft.com. 1 3600 300 2419200 300
;; Query time: 39 msec
;; SERVER: 40.90.4.3#53(40.90.4.3)
;; WHEN: Fri Apr 06 16:29:56 Central Daylight Time 2018
;; MSG SIZE rcvd: 126
I have other DNS providers with working CAA records. These results are not correct. I also tried with “type257” instead of CAA.
Furthermore, the CAA record type does not appear in the Azure DNS portal blade.
2 Answers
CAA Record Support is available as of today for Custom Domains on Azure. These can be accessed via DNS Zone of that particular domain you want to add CAA record set to. I've not personally tried adding a valid CAA record but I can see it now.
If you want to verify the CAA record that you have added to a domain via DNS Zone, you can refer this step 4 of this blogpost that talks about Verifying CAA Record for DNS Zone
Answered by navule on November 24, 2021
My intention was to put a CAA record on the root domain. I misunderstood the purpose of the -name parameter. I assumed it was just a label. I incorrectly set the -name parameter to caa. The correct usage would have been -name "@".
Answered by Larry Silverman on November 24, 2021
Add your own answers!
Ask a Question
Get help from others!
Recent Answers
- Joshua Engel on Why fry rice before boiling?
- Jon Church on Why fry rice before boiling?
- haakon.io on Why fry rice before boiling?
- Lex on Does Google Analytics track 404 page responses as valid page views?
- Peter Machado on Why fry rice before boiling?
Recent Questions
- How can I transform graph image into a tikzpicture LaTeX code?
- How Do I Get The Ifruit App Off Of Gta 5 / Grand Theft Auto 5
- Iv’e designed a space elevator using a series of lasers. do you know anybody i could submit the designs too that could manufacture the concept and put it to use
- Need help finding a book. Female OP protagonist, magic
- Why is the WWF pending games (“Your turn”) area replaced w/ a column of “Bonus & Reward”gift boxes?