Getting an error when adding a CAA record for hostname with Amazon. Here is an example. Domain is example.com:

    host1.example.com. 3600 CAA 0 issue "letsencrypt.org"
    host2.example.com. 3600 CAA 0 issue "letsencrypt.org"
    host3.example.com. 3600 CAA 0 issue "letsencrypt.org"
    host4.example.com. 3600 CAA 0 issue "letsencrypt.org"
    host5.example.com. 3600 CAA 0 issue "amazon.com"        <-- this causes the problem
    host6.example.com. 3600 CAA 0 issue "letsencrypt.org"
    host7.example.com. 3600 CAA 0 issue "letsencrypt.org"
    host8.example.com. 3600 CAA 0 issue "letsencrypt.org"
    host9.example.com. 3600 CAA 0 issue "letsencrypt.org"
    www.example.com    3600 CAA 0 issue "letsencrypt.org"

Once the CAA record with amazon.com is removed there is no error. By the way, I think there is no email sent when there is an error with bind. It would be nice to have an alert email like when there is an error with the config of nginx. Hope for some advice on how to solve this error. This is on the following: debian 10.8, bind9/stable,now 1:9.11.5.P4+dfsg-5.1+deb10u3, ispconfig 3.2.3
The current behavior is intended as BIND will throw an error until all needed records of a zone are added, so when you add a zone (even with the wizard), you would get many error emails until all sub-records are added.
Need assistance on where to get the error from. Currently the way I know there is an error is when there is a file domain.err
    Mar 23 02:36:02 named[5594]: reloading configuration succeeded
    Mar 23 02:36:02 named[5594]: reloading zones succeeded
    Mar 23 02:36:02 named[5594]: zone example.com/IN: zone serial (2021032310) unchanged. zone may fail to transfer to slaves.
    Mar 23 02:36:02 named[5594]: zone example.com/IN: loaded serial 2021032310
    Mar 23 02:36:02 named[5594]: zone example.com/IN: sending notifies (serial 2021032310)
    Mar 23 02:36:02 named[5594]: all zones loaded
    Mar 23 02:36:02 named[5594]: running

Unfortunately I do not see any other errors. This only happens when adding a CAA for amazon.com. Another thing to note is that the host is a CNAME. Does that make a difference?
Just did another test.
1. Created a hostname lala with an A record.
2. Then created a CAA record with amazon.com.
It worked. I think there might be a requirement for a CAA record to be linked to hostnames with an A record and not to a hostname with a CNAME record. Is this correct?
I.e. 'host5.example.com.' in your initial post is created as a CNAME, not A/AAAA? If so, the UI should not allow you to create a CAA record for it (needs a bug report filed).
That is correct. The hostname was a CNAME. So it is a requirement that the CAA record has to be on an A record.
It's more that when you add a CNAME record, you can't add additional records like CAA, TXT, etc. You just need to add the CAA to the target of the CNAME. Also note that CAA records carry to subdomains, so if your example.com has a CAA for letsencrypt, you don't need to add all those host records, only the ones that differ (e.g. your host5).
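To make the two points in that reply concrete, here is an added example (not from the thread or from ISPConfig) that checks a small zone for the CNAME-plus-other-data combination that makes BIND reject it, and then computes the CAA set a CA would find for a name the way RFC 8659 describes (follow the CNAME, read CAA at the target, otherwise climb to the parent). The zone, owner names and addresses are constructed for illustration.

```python
"""Zone sanity check for the CAA/CNAME interaction discussed above.
Constructed sample data; minimal zone-file parser, not a full one."""
from collections import defaultdict

# Constructed sample zone: host5 is a CNAME that also carries a CAA record,
# which is the illegal combination that makes BIND reject the zone.
ZONE = """
example.com.        3600 CAA   0 issue "letsencrypt.org"
host5.example.com.  3600 CNAME target.example.com.
host5.example.com.  3600 CAA   0 issue "amazon.com"
target.example.com. 3600 A     192.0.2.10
target.example.com. 3600 CAA   0 issue "amazon.com"
lala.example.com.   3600 A     192.0.2.11
www.example.com.    3600 A     192.0.2.12
"""

def parse_zone(text):
    """Return {owner: {rtype: [rdata, ...]}} from 'owner ttl type rdata' lines."""
    records = defaultdict(lambda: defaultdict(list))
    for line in text.strip().splitlines():
        owner, _ttl, rtype, rdata = line.split(None, 3)
        records[owner.lower()][rtype.upper()].append(rdata.strip())
    return records

def cname_conflicts(records):
    """Owner names that have a CNAME plus any other record type (RFC 1034 forbids it)."""
    return sorted(n for n, rrs in records.items() if "CNAME" in rrs and len(rrs) > 1)

def effective_caa(records, name, max_hops=8):
    """CAA set a CA would use for `name` (RFC 8659): at each label, follow CNAMEs,
    return the first non-empty CAA set found, otherwise climb to the parent."""
    name = name.lower().rstrip(".") + "."
    while name != ".":
        target = name
        for _ in range(max_hops):
            rrs = records.get(target, {})
            if "CNAME" in rrs:            # a CNAME redirects the whole query
                target = rrs["CNAME"][0].lower()
                continue
            if "CAA" in rrs:
                return list(rrs["CAA"])
            break
        name = name.split(".", 1)[1] or "."   # drop the leftmost label
    return []                                  # no CAA anywhere: any CA may issue

if __name__ == "__main__":
    z = parse_zone(ZONE)
    print("CNAME conflicts:", cname_conflicts(z))
    for n in ("host5.example.com", "www.example.com", "lala.example.com"):
        print(n, "->", effective_caa(z, n))
```

Running it flags host5.example.com. as the conflicting owner, and shows www and lala inheriting the letsencrypt.org CAA from example.com while host5 resolves to the amazon.com CAA placed on its CNAME target.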
Thank you for the advice. I did not know about these points. I will clean up my DNS records. Once again, thank you for helping.