
Forwarded to devs DNSSEC and CAA not working

Status
Not open for further replies.

PReimers

New Pleskian
TITLE:
CAA entry is not covered by DNSSEC
PRODUCT, VERSION, OPERATING SYSTEM, ARCHITECTURE:
Ubuntu 16.04, Plesk 17.8.11, MU #1
PROBLEM DESCRIPTION:
After adding a CAA entry in DNS (and waiting several days), a DNS query responds with:
id 12345
opcode QUERY
rcode SERVFAIL
flags QR RD RA
;QUESTION
example.com. IN CAA
;ANSWER
;AUTHORITY
;ADDITIONAL

STEPS TO REPRODUCE:
  1. Enable (and configure) DNSSEC
  2. Add a CAA Entry to the DNS
  3. Wait for the DNS to update
ACTUAL RESULT:
The CAA record is not covered by the DNSSEC. This causes a SERVFAIL.
EXPECTED RESULT:
The CAA record should be covered by the DNSSEC. No DNS Error should occur.
ANY ADDITIONAL INFORMATION:
Current Workaround: Disable DNSSEC
YOUR EXPECTATIONS FROM PLESK SERVICE TEAM:
Confirm bug
 
Thank you for the report.
Could you reproduce it on your server with debug enabled in panel.ini and provide panel.log here?
 
Please give me some time to reproduce it.

Currently I disabled DNSSEC on the affected domains.

I'll post an update as soon as it is available.
 
Never mind.

All of a sudden, I can't reproduce it anymore :confused:

Maybe I was too quick in my first test (when adding the CAA entry to a DNSSEC-signed domain).

Please close this thread/ticket -> can't reproduce.

What I've tested:
Test 1 (new domain):
  1. Register a new domain
  2. Add Domain to Plesk
  3. Add CAA Entry to DNS
  4. Wait for DNS to update
  5. Add DNSSEC
  6. Wait for DNS to update
  7. Test -> everything correct
Test 2 (domain with CAA entry / without DNSSEC):
  1. Add DNSSEC
  2. Wait for DNS to update
  3. Test -> everything correct

Btw. The panel.log didn't show anything.
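
The condition reported in this thread (an RRset in a signed zone with no covering RRSIG, which a validating resolver answers with SERVFAIL) can be checked offline against a zone dump. The following is an added example, not part of any post above and not Plesk code; the zone data, key tag, dates and signature strings are constructed, and the function names are hypothetical. It goes slightly beyond the thread by also flagging RRsets whose only signatures are outside their validity window, and it assumes a zone without delegations (delegation NS and glue records are legitimately unsigned).

```python
"""Find RRsets in a signed zone that lack a usable covering RRSIG."""
from datetime import datetime, timezone

# Constructed sample in 'owner ttl class type rdata' presentation format
# (the shape of dig AXFR output). The CAA RRset has no RRSIG on purpose.
SIG = "20180601000000 20180501000000 11111 example.com. U0lH"
SAMPLE_ZONE = f"""\
example.com. 3600 IN SOA ns1.example.com. admin.example.com. 1 10800 3600 604800 3600
example.com. 3600 IN RRSIG SOA 8 2 3600 {SIG}
example.com. 3600 IN NS ns1.example.com.
example.com. 3600 IN RRSIG NS 8 2 3600 {SIG}
example.com. 3600 IN DNSKEY 257 3 8 S0VZ
example.com. 3600 IN RRSIG DNSKEY 8 2 3600 {SIG}
example.com. 3600 IN CAA 0 issue "ca.example"
www.example.com. 3600 IN A 192.0.2.10
www.example.com. 3600 IN RRSIG A 8 3 3600 {SIG}
"""

def _ts(text):
    """Parse an RRSIG YYYYMMDDHHMMSS timestamp as UTC."""
    return datetime.strptime(text, "%Y%m%d%H%M%S").replace(tzinfo=timezone.utc)

def parse_records(zone_text):
    """Yield (owner, type, rdata_fields) for every IN record line."""
    for line in zone_text.splitlines():
        fields = line.split()
        if len(fields) >= 5 and not line.startswith(";") and fields[2].upper() == "IN":
            yield fields[0].lower(), fields[3].upper(), fields[4:]

def audit_signatures(zone_text, now):
    """Return RRsets with no RRSIG and RRsets whose RRSIGs are all out of window."""
    rrsets, valid, stale = set(), set(), set()
    for owner, rrtype, rdata in parse_records(zone_text):
        if rrtype != "RRSIG":
            rrsets.add((owner, rrtype))
            continue
        # RRSIG rdata: covered alg labels ttl expiration inception keytag signer sig
        key = (owner, rdata[0].upper())
        in_window = _ts(rdata[5]) <= now <= _ts(rdata[4])
        (valid if in_window else stale).add(key)
    return {
        "unsigned": sorted(rrsets - valid - stale),
        "out_of_window": sorted((rrsets & stale) - valid),
    }

if __name__ == "__main__":
    print(audit_signatures(SAMPLE_ZONE, datetime(2018, 5, 15, tzinfo=timezone.utc)))
```
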
 