Still on Ubuntu 12:04 so bind is version 9.8.
Webmin version 1.852 Virtualmin version 6.00
Seems this CAA support was added in later version of bind.
But when virtualmin created a new domain recently, it added lines like this:
domain.com. IN CAA 0 issuewild “;”
Which causes bind not to load the zone. Says unknown record type. I deleted those 2 lines and it loads the zone fine.
All my other domains do not have those lines and letsencrypt works/renews fine. So are they needed?
I realize I should probably update Ubuntu/bind, just wanted to put this out there in case someone else got the error. I don’t expect you to support/work around this older version of bind.