On Tue, Jan 17, 2017 at 4:54 PM, Royce Williams <royce@techsolvency.com> wrote:

[snip of CAA-record intro stuff]

An explicit scan for CAA records (against, say, all domains seen in DNS ANY) would likely be interesting.

Out of curiosity, I used zscan/zdns [1] to scan the OpenDNS top 1 million domains [2] for CAA records. Only 37 popped up:

appspot-preview.com
appspot.com
centos.org
comodo.com
compricer.se
csswg.org
dnsimple.com
ekom21.de
entrust.net
fu-berlin.de
google.com
googleusercontent.com
hr.nl
hro.nl
instantssl.com
intra.net
magticom.ge
mail.de
minuporno.com
mobileread.com
monash.edu
ntplx.net
pdgamedev.com
posteo.de
pstatic.net
rio2016.com
samba.org
shat.net
sumologic.com
svwh.net
symantec.com
tensquaregames.com
thefacebook.com
tsheets.com
unfcu.org
uni-sofia.bg
weddingwire.com

1. https://github.com/zmap/zdns
2. https://blog.opendns.com/2016/12/14/cisco-umbrella-1-million/

Royce
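
What a CAA RRset found by a scan like the one above actually expresses, as an added example that is not part of the original thread and not zdns code. It assumes the RFC 6844 RDATA layout (flags byte, tag-length byte, tag, value); every function name and the sample records are constructed for illustration.

```python
def make_rdata(flags, tag, value):
    """Build CAA RDATA: 1 flags byte, 1 tag-length byte, tag, then value."""
    return bytes([flags, len(tag)]) + tag.encode("ascii") + value.encode("ascii")

def parse_caa_rdata(rdata):
    """Split one CAA record's RDATA into (flags, tag, value)."""
    if len(rdata) < 2:
        raise ValueError("CAA RDATA too short")
    flags, tag_len = rdata[0], rdata[1]
    tag = rdata[2:2 + tag_len]
    if tag_len == 0 or len(tag) != tag_len or not tag.isalnum():
        raise ValueError("malformed CAA tag")
    value = rdata[2 + tag_len:].decode("ascii", "replace")
    return flags, tag.decode("ascii").lower(), value

def summarize(rdatas):
    """Collapse a domain's CAA RRset into the properties a CA would act on."""
    policy = {"issue": [], "issuewild": [], "iodef": [], "unknown_critical": []}
    for rdata in rdatas:
        flags, tag, value = parse_caa_rdata(rdata)
        if tag in ("issue", "issuewild"):
            # Issuer name precedes any ';' parameters; an empty name authorizes no CA.
            policy[tag].append(value.split(";", 1)[0].strip().lower())
        elif tag == "iodef":
            policy["iodef"].append(value)
        elif flags & 0x80:
            # Issuer-critical bit on a tag we do not understand: issuance must stop.
            policy["unknown_critical"].append(tag)
    return policy

def may_issue(policy, ca_domain, wildcard=False):
    """True if ca_domain is permitted to issue under this CAA policy."""
    if policy["unknown_critical"]:
        return False
    # issuewild, when present, overrides issue for wildcard names.
    allowed = policy["issuewild"] if wildcard and policy["issuewild"] else policy["issue"]
    return not allowed or ca_domain.lower() in allowed

# Constructed RRset for a hypothetical domain, not one from the scan results.
SAMPLE = [
    make_rdata(0, "issue", "ca.example; param=value"),
    make_rdata(0, "issuewild", ";"),
    make_rdata(0, "iodef", "mailto:security@example.test"),
]

if __name__ == "__main__":
    p = summarize(SAMPLE)
    print(p)
    print(may_issue(p, "ca.example"), may_issue(p, "ca.example", wildcard=True))
```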