Bind error with letsencrypt lines

Still on Ubuntu 12:04 so bind is version 9.8.
Webmin version 1.852 Virtualmin version 6.00

Seems this CAA support was added in a later version of bind.
But when virtualmin created a new domain recently, it added lines like this:

domain.com. IN CAA 0 issue "letsencrypt.org"

domain.com. IN CAA 0 issuewild ";"

Which causes bind not to load the zone. Says unknown record type. I deleted those 2 lines and it loads the zone fine.

All my other domains do not have those lines and letsencrypt works/renews fine. So are they needed?

I realize I should probably update Ubuntu/bind, just wanted to put this out there in case someone else got the error. I don’t expect you to support/work around this older version of bind.

It’s not needed, you can safely delete them. They are for locking down what CAs are trusted for a domain. It’s an additional security feature that protects against a rogue certificate being used.

You can also probably disable this in Virtualmin Server Templates, maybe. I don’t know that for sure, but many records are optional and can be disabled or modified.

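What the two CAA records from the first post tell a certificate authority, as an added example that is not from the thread or from Virtualmin: a small parser plus the RFC 8659 `issue`/`issuewild` decision. `ZONE`, `parse_caa`, `may_issue` and `example-ca.test` are hypothetical names, and the code assumes the records are already the CAA set that applies to the hostname (no DNS lookup or parent-domain search).

```python
import re

# Constructed sample: the two records quoted in the post, with straight quotes.
ZONE = '''
domain.com. IN CAA 0 issue "letsencrypt.org"
domain.com. IN CAA 0 issuewild ";"
'''

# owner [ttl] [IN] CAA <flags> <tag> "<value>"
CAA_RE = re.compile(
    r'^(?P<name>\S+)\s+(?:\d+\s+)?(?:IN\s+)?CAA\s+'
    r'(?P<flags>\d+)\s+(?P<tag>[A-Za-z0-9]+)\s+"(?P<value>[^"]*)"\s*$')


def parse_caa(zone_text):
    """Return (name, flags, tag, value) tuples for every CAA line."""
    records = []
    for line in zone_text.splitlines():
        m = CAA_RE.match(line.strip())
        if m:
            records.append((m["name"].lower(), int(m["flags"]),
                            m["tag"].lower(), m["value"]))
    return records


def may_issue(records, ca_domain, hostname):
    """Apply the RFC 8659 issue/issuewild rules to one CAA record set."""
    known = {"issue", "issuewild", "iodef"}
    # An unknown tag with the critical bit (128) set forbids issuance.
    if any(f & 128 and t not in known for _, f, t, _ in records):
        return False
    issue = [v for _, _, t, v in records if t == "issue"]
    wild = [v for _, _, t, v in records if t == "issuewild"]
    # Wildcard requests use issuewild when present, otherwise issue.
    relevant = wild if hostname.startswith("*.") and wild else issue
    if not relevant:
        return True  # no applicable property: CAA does not restrict
    # Value is "<issuer-domain>[; parameters]"; a bare ";" names no issuer.
    issuers = {v.split(";", 1)[0].strip().lower() for v in relevant}
    return ca_domain.lower() in issuers - {""}


if __name__ == "__main__":
    recs = parse_caa(ZONE)
    for host in ("www.domain.com", "*.domain.com"):
        print(host, may_issue(recs, "letsencrypt.org", host))
```

With no CAA records at all, as on the poster's other domains, `may_issue` returns `True` for any CA, which is why renewals there keep working.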