Bind error with letsencrypt lines

#1 Wed, 10/04/2017 - 09:28
scotwnw

Still on Ubuntu 12.04 so bind is version 9.8.
Webmin version 1.852 Virtualmin version 6.00

Seems this CAA support was added in a later version of bind. But when Virtualmin created a new domain recently, it added lines like this:

domain.com. IN CAA 0 issue "letsencrypt.org"

domain.com. IN CAA 0 issuewild ";"

Which causes bind not to load the zone. Says unknown record type. I deleted those 2 lines and it loads the zone fine.

All my other domains do not have those lines and letsencrypt works/renews fine. So are they needed?

I realize I should probably update Ubuntu/bind, just wanted to put this out there in case someone else got the error. I don’t expect you to support/work around this older version of bind.

Wed, 10/04/2017 - 20:24
Joe

It's not needed, you can safely delete them. They are for locking down what CAs are trusted for a domain. It's an additional security feature that protects against a rogue certificate being used.


Wed, 10/04/2017 - 20:25
Joe

You can also probably disable this in Virtualmin Server Templates, maybe. I don't know that for sure, but many records are optional and can be disabled or modified.


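Added example, not part of the original thread: for anyone who wants to keep the CA restriction on a BIND that does not know the CAA type, the two records quoted in the first post can be written in RFC 3597 generic form (TYPE257 with hex RDATA). This assumes the installed BIND accepts RFC 3597 syntax; the function names are hypothetical.

```python
import re

CAA_TYPE = 257  # RR type number assigned to CAA

# owner [ttl] [IN] CAA flags tag "value"  (single-line records only)
_CAA_LINE = re.compile(
    r'^(?P<owner>\S+)\s+(?:(?P<ttl>\d+)\s+)?(?:IN\s+)?CAA\s+'
    r'(?P<flags>\d+)\s+(?P<tag>[A-Za-z0-9]+)\s+"(?P<value>[^"\\]*)"\s*$',
    re.IGNORECASE,
)

def caa_rdata(flags: int, tag: str, value: str) -> bytes:
    """Wire-format CAA RDATA: flags octet, tag-length octet, tag, value."""
    if not 0 <= flags <= 255:
        raise ValueError("flags must fit in one octet")
    tag_b = tag.encode("ascii")
    if not 1 <= len(tag_b) <= 255:
        raise ValueError("tag must be 1..255 octets")
    return bytes([flags, len(tag_b)]) + tag_b + value.encode("ascii")

def to_generic(line: str) -> str:
    """Rewrite one CAA zone line as an RFC 3597 TYPE257 line."""
    m = _CAA_LINE.match(line.strip())
    if m is None:
        raise ValueError(f"not a single-line CAA record: {line!r}")
    rdata = caa_rdata(int(m["flags"]), m["tag"], m["value"])
    ttl = f"{m['ttl']} " if m["ttl"] else ""
    return (f"{m['owner']} {ttl}IN TYPE{CAA_TYPE} "
            f"\\# {len(rdata)} {rdata.hex().upper()}")

def convert_zone(text: str) -> str:
    """Convert CAA lines in zone text; pass every other line through unchanged."""
    out = []
    for line in text.splitlines():
        out.append(to_generic(line) if _CAA_LINE.match(line.strip()) else line)
    return "\n".join(out)

# The two records quoted in the first post
SAMPLE = ('domain.com. IN CAA 0 issue "letsencrypt.org"\n'
          'domain.com. IN CAA 0 issuewild ";"')

if __name__ == "__main__":
    print(convert_zone(SAMPLE))
```

Running named-checkzone on the converted file before reloading confirms whether the installed BIND parses the generic form.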