[193469] in North American Network Operators' Group
Re: DNS CAA records...
daemon@ATHENA.MIT.EDU (Royce Williams)
Sat Jan 21 12:38:21 2017
X-Original-To: nanog@nanog.org
In-Reply-To: <CA+E3k93s=D-EnmHou3B7FxL397dGhVGg0rEM8mzKAn-Dh1waTQ@mail.gmail.com>
From: Royce Williams <royce@techsolvency.com>
Date: Sat, 21 Jan 2017 08:37:46 -0900
To: Eric Tykwinski <eric-list@truenet.com>
Cc: nanog list <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org
On Tue, Jan 17, 2017 at 4:54 PM, Royce Williams <royce@techsolvency.com> wrote:
[snip of CAA-record intro stuff]
> An explicit scan for CAA records (against, say, in
> all domains seen in DNS ANY) would likely be interesting.
Out of curiosity, I used zscan/zdns [1] to scan the OpenDNS top 1
million domains [2] for CAA records.
Only 37 popped up:
appspot-preview.com
appspot.com
centos.org
comodo.com
compricer.se
csswg.org
dnsimple.com
ekom21.de
entrust.net
fu-berlin.de
google.com
googleusercontent.com
hr.nl
hro.nl
instantssl.com
intra.net
magticom.ge
mail.de
minuporno.com
mobileread.com
monash.edu
ntplx.net
pdgamedev.com
posteo.de
pstatic.net
rio2016.com
samba.org
shat.net
sumologic.com
svwh.net
symantec.com
tensquaregames.com
thefacebook.com
tsheets.com
unfcu.org
uni-sofia.bg
weddingwire.com
1. https://github.com/zmap/zdns
2. https://blog.opendns.com/2016/12/14/cisco-umbrella-1-million/
Royce
