github.com/StackExchange/dnscontrol/v4@v4.11.0/documentation/language-reference/domain-modifiers/CAA_BUILDER.md (about) 1 --- 2 name: CAA_BUILDER 3 parameters: 4 - label 5 - iodef 6 - iodef_critical 7 - issue 8 - issue_critical 9 - issuewild 10 - issuewild_critical 11 parameters_object: true 12 parameter_types: 13 label: string? 14 iodef: string 15 iodef_critical: boolean? 16 issue: string[] 17 issue_critical: boolean? 18 issuewild: string[] 19 issuewild_critical: boolean? 20 --- 21 22 DNSControl contains a `CAA_BUILDER` which can be used to simply create 23 [`CAA()`](../domain-modifiers/CAA.md) records for your domains. Instead of creating each [`CAA()`](../domain-modifiers/CAA.md) record 24 individually, you can simply configure your report mail address, the 25 authorized certificate authorities and the builder cares about the rest. 26 27 ## Example 28 29 ### Simple example 30 31 {% code title="dnsconfig.js" %} 32 ```javascript 33 CAA_BUILDER({ 34 label: "@", 35 iodef: "mailto:test@example.com", 36 iodef_critical: true, 37 issue: [ 38 "letsencrypt.org", 39 "comodoca.com", 40 ], 41 issuewild: "none", 42 }) 43 ``` 44 {% endcode %} 45 46 `CAA_BUILDER()` builds multiple records: 47 48 {% code title="dnsconfig.js" %} 49 ```javascript 50 CAA("@", "iodef", "mailto:test@example.com", CAA_CRITICAL) 51 CAA("@", "issue", "letsencrypt.org") 52 CAA("@", "issue", "comodoca.com") 53 CAA("@", "issuewild", ";") 54 ``` 55 {% endcode %} 56 57 which in turns yield the following records: 58 59 ```text 60 @ 300 IN CAA 128 iodef "mailto:test@example.com" 61 @ 300 IN CAA 0 issue "letsencrypt.org" 62 @ 300 IN CAA 0 issue "comodoca.com" 63 @ 300 IN CAA 0 issuewild ";" 64 ``` 65 66 ### Example with CAA_CRITICAL flag on all records 67 68 The same example can be enriched with CAA_CRITICAL on all records: 69 70 {% code title="dnsconfig.js" %} 71 ```javascript 72 CAA_BUILDER({ 73 label: "@", 74 iodef: "mailto:test@example.com", 75 iodef_critical: true, 76 issue: [ 77 "letsencrypt.org", 78 "comodoca.com", 79 ], 80 issue_critical: true, 81 issuewild: "none", 82 issuewild_critical: true, 83 }) 84 ``` 85 {% endcode %} 86 87 `CAA_BUILDER()` then builds (the same) multiple records - all with CAA_CRITICAL flag set: 88 89 {% code title="dnsconfig.js" %} 90 ```javascript 91 CAA("@", "iodef", "mailto:test@example.com", CAA_CRITICAL) 92 CAA("@", "issue", "letsencrypt.org", CAA_CRITICAL) 93 CAA("@", "issue", "comodoca.com", CAA_CRITICAL) 94 CAA("@", "issuewild", ";", CAA_CRITICAL) 95 ``` 96 {% endcode %} 97 98 which in turns yield the following records: 99 100 ```text 101 @ 300 IN CAA 128 iodef "mailto:test@example.com" 102 @ 300 IN CAA 128 issue "letsencrypt.org" 103 @ 300 IN CAA 128 issue "comodoca.com" 104 @ 300 IN CAA 128 issuewild ";" 105 ``` 106 107 108 ### Parameters 109 110 * `label:` The label of the CAA record. (Optional. Default: `"@"`) 111 * `iodef:` Report all violation to configured mail address. 112 * `iodef_critical:` This can be `true` or `false`. If enabled and CA does not support this record, then certificate issue will be refused. (Optional. Default: `false`) 113 * `issue:` An array of CAs which are allowed to issue certificates. (Use `"none"` to refuse all CAs) 114 * `issue_critical:` This can be `true` or `false`. If enabled and CA does not support this record, then certificate issue will be refused. (Optional. Default: `false`) 115 * `issuewild:` An array of CAs which are allowed to issue wildcard certificates. (Can be simply `"none"` to refuse issuing wildcard certificates for all CAs) 116 * `issuewild_critical:` This can be `true` or `false`. If enabled and CA does not support this record, then certificate issue will be refused. (Optional. Default: `false`)