SOLVED [CPANEL-24009] PowerDNS returns wrong CAA record in 'axfr' queries

[desper@d0]

good day
We are faced with a problem of not correct work of axfr.
cpanel saves CAA records as TYPE257.
after update 
cpanel-pdns-4.1.3-3.cp1174.x86_64.rpm 2018-10-02
 cpanel-pdns-4.1.4-1.cp1174.x86_64.rpm 2018-10-10
 cpanel-pdns-4.1.4-2.cp1174.x86_64.rpm 2018-10-29
When requesting an AXFR record TYPE257 is transmitted as TYPE55257
Unfortunately, contacting the support service did not lead to the resolution of the problem. "Ultimately, it’s limited, as cPanel doesn’t utilize AXFR transfers."

I use pdns as it supports DNSSEC.
There are no problems with BIND, but there is no support for DNSSEC.
Help me.

 

[cPanelMichael]

Hello @desper@d0,

It looks like support ticket number 10730791 is still open for investigation at this time. Could you respond to that ticket with the information requested in the previous response by the Technical Analyst so we can continue to investigate? I'll monitor the ticket and update this thread with the outcome.

Thank you.

 

[desper@d0]

pdns-сpanel is a modified version of the original pdns.
The original version older than 4.0.0 supports CAA recording.
the original version gives an error on the entry type TYPE257.
I understand that you keep such a record of the record for using the bind version of 9.8.2
And I suspect that when made the changes AXFR was broken.

thank you for tracking our ticket

 

[cPanelMichael]

Hello,

To update, internal case CPANEL-24009 is now open to report an issue where the correct CAA record value is not returned during AXFR queries. I'll monitor this case and update this thread with more information on it's status as it becomes available.

Thank you.

 

[Reado]

Any update on this?

My data centre use DNS Made Easy for secondary DNS, and they are telling me the AXFR from the primary name server does not include any CAA records full stop. This is resulting in some websites saying we have CAA records, and others say we're not.

Why aren't CAA records being transferred in the initial AXFR request?

 

[Reado]

In fact, I just noticed, this appears be the same issue as the OP. I tried adding the server to the AXFR IP list, ran a DIG AXFR command, and the resulting output displays the CAA records as "TYPE55257". However the zone file located within /var/named displays as "TYPE257".

Is this a bug within PowerDNS?

 

[cPanelMichael]

Hello @Reado,

Yes, this is specific to PowerDNS. Case CPANEL-24009 is open to address this issue, and a fix is currently in-progress. I don't have a specific time frame to offer for the publication of the solution, but I'll update this thread as soon as more information is available.

Thank you.

 

[cPanelMichael]

Hello,

This is fixed as part of the update to the cpanel-pdns RPM in cPanel & WHM version 76.0.12:

Fixed case CPANEL-24009: Update cpanel-pdns to 4.1.5-2.cp1174.

Thanks!