boulder icon indicating copy to clipboard operation
boulder copied to clipboard
verified publisher icon letsencrypt

Log DNSSEC status for CAA queries

Open rolandshoemaker opened this issue 8 years ago • 3 comments

Simplest solution is just to check if the resolver set the AD bit in the response in our LookupCAA function.

rolandshoemaker avatar Apr 24 '17 13:04 rolandshoemaker

@rolandshoemaker was this resolved by https://github.com/letsencrypt/boulder/pull/2716 ?

cpu avatar May 02 '17 18:05 cpu

This is related to the Present: xxx, Valid for issuance: xxx logging code in the VA.

rolandshoemaker avatar May 02 '17 18:05 rolandshoemaker

The metric set in https://github.com/letsencrypt/boulder/pull/2716 no longer exists, so we're no longer collecting this data, let alone logging it. This data is particularly of interest again as we work with the Princeton CITP on investigating the benefits of DNSSEC on the WebPKI.

aarongable avatar Apr 24 '23 23:04 aarongable