NetScaler - How to migrate BIND CAA record setting to NetScaler

book

Article ID: CTX666282

calendar_today

Updated On:

Description

Starting from NetScaler 13.1, DNS CAA record is supported. You may want to migrate BIND configuration to NetScaler. For example: 

domain.name IN TYPE257 \# 21 00056973737565676C6F62616C7369676E2E636F6D

Instructions

The sample is from a low BIND version that doesn't support `IN CAA` setting. Each field meanings are like below: 

TYPE257 \# 21 00056973737565676C6F62616C7369676E2E636F6D
  • TYPE257: Means CAA record. 257 is the Oct value of Hex 0x101, which is CAA type value in DNS defination.
  • \#21: The subsequent hex value of data is 21 bytes length.
  • 00: CAA flag, 00 means NONE.
  • 05: Next part: tag is 5 bytes length.
  • 6973737565: tag value: ASCII hex of string "issue"
  • 676C6F62616C7369676E2E636F6D: record value. ASCII hex of string "globalsign.com"

Therefore, on NetScaler, we can execute the below command: 

> add dns caaRec domain.name "globalsign.com" -flag NONE -tag "issue"

Issue/Introduction

This article describes the CAA record configuration, which is migrated from low BIND version

Additional Information

Reference: Create CAA records for a domain name

Powered by Wolken Software