-1

If a domain is connected by pointing is it possible for the CNAME to provide the CAA response required by lets encrypt, or can this response only be provided by the controlling NameServers?

Thanks for any help a bit stuck on this.

I reviewed the article https://letsencrypt.org/docs/caa/

However, Its unclear what it querys for these records, are the provided by the NS, if such for a pointed domain the host they are pointed to would not be able to provide this record.

Sven
  • 98,649
  • 14
  • 180
  • 226
Jhd33
  • 13
  • 3

1 Answers1

1

From the documentation at Let's Encrypt which is one of the first hits when searching for "CAA CNAME":

CAA validation follows CNAMEs, like all other DNS requests.

Steffen Ullrich
  • 13,227
  • 27
  • 39
  • Okay so my understand than is this responsibility for a pointed domain, would be the host its pointed to not the NS provider. However, I understand at some point it will query the NS for this record. Thank you for your response. – Jhd33 Sep 25 '17 at 10:14