How to add CAA record into a DNS zone file using NSD?
Requirements :
- NSD from NLnet Labs
- Linux/Windows OS with NSD installed (in this example using Linux Ubuntu version 16.04 LTS)
- DNS Server has been setup and function properly
Steps to setup:
1. Login to your DNS server.
2. Launch the terminal. If you don’t login as superuser then type:
$ sudo –i
You will be prompted for the password for your superuser. Type the password and you will be on the root prompt.
3. Check the version of your NSD version. This is mandatory to determine which entry is applicable for your BIND version.
Standard CAA Zone File for NSD version 4.0 and higher |
example.com. CAA 0 contactemail "[email protected]" |
Legacy CAA Zone File for NSD version lower than 4.0 |
Unsupported |
To check the NSD version type :
Root# nsd -v
Example:
4. Locate your DNS zone file. This file by default is located under /etc/nsd/ , however sometimes it is hiding for the security purposes. Please consult with your network administrator. In this example, the DNS zone file is under /etc/nsd/ with the filename called entrustcertlab.com.zone
Example:
5. WARNING ! Before you continue on the step below, please make sure you make a copy of your working DNS zone file in order to avoid any mishap happened.
Edit the zone file using the line text editor tool such as nano or vi
Example:
#root: nano /etc/nsd/entrustcertlab.com.zone
The DNS zone file will be opened. You should see some entry already existed
6. Scroll to the bottom of your zone file and hit Enter to give a new line space below for new record entry.
7. Type in the entry below to the empty line space that created from step 6 above.
yourdomain_name. IN CAA 0 contactemail “your email address”
NOTE: yourdomain is your own domain name that listed on your SOA
In the example below, the SOA is using entrustcertlab.com, hence the line to be added will be:
entrustcertlab.comINCAA0 contactemail “[email protected]”
8. Press Ctrl-X to save the modification. Answer Yes and then hit Enter to overwrite it into the same filename.
9. Restart your DNS service by typing:
Root # service nsd restart
NOTE: If you receive any error during the DNS service restart process, go back to your zone file and make sure you don’t have any typo on the entries. You can still refer back to your old working zone file that you backup on step 5.
To check the detail status of DNS service, type :
Root# service nsd status
At this point, your CAA record has been setup properly.