[dns-operations] Spoofing DNS with fragments
Phil Pennock
dnsop+phil at spodhuis.org
Tue Sep 11 20:51:25 UTC 2018
On 2018-09-11 at 15:16 +0200, Stephane Bortzmeyer wrote:
> On Tue, Sep 11, 2018 at 12:10:25PM +0200,
> Volker Janzen <voja at voja.de> wrote
> a message of 17 lines which said:
>
> > or CAA records.
>
> Same problem than DNSSEC : *all* CA must implement it.
They are all required to do so, in CA/Browser Baseline Requirements;
this became mandated a couple of years ago.
If you find a CA which is not checking CAA, report it and get them
de-listed by all the major browser and operating system vendors.
-Phil
More information about the dns-operations
mailing list