mirror of
https://github.com/outbackdingo/firezone.git
synced 2026-03-21 21:41:48 +00:00
4e821a3c30
The CAA can't be set for a domain that has a CNAME record, see https://letsencrypt.org/docs/caa/ > Note also that CAA checking follows CNAME redirects, just like all other DNS requests. If “[community.example.org](http://community.example.org/)” is a CNAME to “[example.forum.com](http://example.forum.com/)”, the CA will respect any CAA records that are set on “[example.forum.com](http://example.forum.com/)”. It is not allowed for a domain name with a CNAME record to have any other records, so there cannot be conflicts between CAA records on the original name and CAA records on the target of the redirect.