github.com/hexonet/dnscontrol@v0.2.8/docs/_functions/domain/CAA.md

github.com/hexonet/dnscontrol@v0.2.8/docs/_functions/domain/CAA.md (about)

     1  ---
     2  name: CAA
     3  parameters:
     4    - name
     5    - tag
     6    - value
     7    - modifiers...
     8  ---
     9  
    10  CAA adds a CAA record to a domain. The name should be the relative label for the record. Use `@` for the domain apex.
    11  
    12  Tag can be one of "issue", "issuewild" or "iodef".
    13  
    14  Value is a string. The format of the contents is different depending on the tag.  DNSControl will handle any escaping or quoting required, similer to TXT records.  For example use `CAA("@", "issue", "letsencrypt.org")` rather than `CAA("@", "issue", "\"letsencrypt.org\"")`.
    15  
    16  Flags are controlled by modifier.:
    17  
    18  - CAA_CRITICAL: Issuer critical flag. CA that does not understand this tag will refuse to issue certificate for this domain.
    19  
    20  CAA record is supported only by BIND, Google Cloud DNS, and Amazon Route 53. Some certificate authorities may not support this record until the mandatory date of September 2017.
    21  
    22  {% include startExample.html %}
    23  {% highlight js %}
    24  
    25  D("example.com", REGISTRAR, DnsProvider("GCLOUD"),
    26    // Allow letsencrypt to issue certificate for this domain
    27    CAA("@", "issue", "letsencrypt.org"),
    28    // Allow no CA to issue wildcard certificate for this domain
    29    CAA("@", "issuewild", ";"),
    30    // Report all violation to test@example.com. If CA does not support
    31    // this record then refuse to issue any certificate
    32    CAA("@", "iodef", "mailto:test@example.com", CAA_CRITICAL)
    33  );
    34  
    35  {%endhighlight%}
    36  {% include endExample.html %}