Merge pull request #83 from microsoft/loopnoop/caa-updates

ndrix · web-flow · commit b7e76ea2d98e · 2025-10-10T11:55:45.000-07:00
Implement CAA record handling in dnsresolver
diff --git a/dusseldorf/listener.dns/src/dnsresolver.py b/dusseldorf/listener.dns/src/dnsresolver.py
@@ -99,6 +99,26 @@ def resolve(self, dnsrecord, handler) -> dnslib.DNSRecord:
             req = DnsRequest(request_fqdn, "", qtype_s, client_ip, request_fqdn)
             resp = req.default_response
 
+            # if this is a CAA request, we need to add an additional CAA record
+            if qtype_s == "CAA":
+                # add default
+                answer = self.make_resource_record(resp)
+                reply.add_answer(answer)
+                
+                # hardcoded CAA resp
+                email = "caarecordaware@microsoft.com" 
+                resp = req.default_response
+                resp._rdata = { "flags": 0, "tag": "contactemail", "value": email }                    
+                caa_answer = self.make_resource_record(resp)
+                reply.add_answer(caa_answer)
+
+                # also iodef
+                resp = req.default_response
+                resp._rdata = { "flags": 0, "tag": "iodef", "value": f"mailto:{email}" }                    
+                iodef_answer = self.make_resource_record(resp)
+                reply.add_answer(iodef_answer)
+                return reply
+
             # if we can't make a rr, raise nxdomain and log it.
             if answer := self.make_resource_record(resp):
                 reply.add_answer(answer)
