Add CAA support (#161)

* Added CAA support * Fixed bind parsing of CAA records * Added CAA parsing test * Renamed CAA json fields * Added CAA tag validation * Updated CAA docs to clarify on the value field * parse_tests: Fixed typo in caaflags * Added integration test * Small cleanups
2024-05-11 05:55:12 +00:00 · 2017-07-25 14:59:40 -04:00
parent 1a84edbe9c
commit 2f0f5330fc
16 changed files with 283 additions and 58 deletions
--- a/pkg/normalize/validate.go
+++ b/pkg/normalize/validate.go
@@ -53,6 +53,7 @@ func validateRecordTypes(rec *models.RecordConfig, domain string, pTypes []strin
 		"A":                true,
 		"AAAA":             true,
 		"CNAME":            true,
+		"CAA":              true,
 		"IMPORT_TRANSFORM": false,
 		"MX":               true,
 		"SRV":              true,
@@ -149,7 +150,7 @@ func checkTargets(rec *models.RecordConfig, domain string) (errs []error) {
 		check(checkTarget(target))
 	case "SRV":
 		check(checkTarget(target))
-	case "TXT", "IMPORT_TRANSFORM":
+	case "TXT", "IMPORT_TRANSFORM", "CAA":
 	default:
 		if rec.Metadata["orig_custom_type"] != "" {
 			//it is a valid custom type. We perform no validation on target
@@ -206,7 +207,7 @@ func importTransform(srcDomain, dstDomain *models.DomainConfig, transforms []tra
 			r := newRec()
 			r.Target = transformCNAME(r.Target, srcDomain.Name, dstDomain.Name)
 			dstDomain.Records = append(dstDomain.Records, r)
-		case "MX", "NS", "SRV", "TXT":
+		case "MX", "NS", "SRV", "TXT", "CAA":
 			// Not imported.
 			continue
 		default:
@@ -281,6 +282,10 @@ func NormalizeAndValidateConfig(config *models.DNSConfig) (errs []error) {
 				if rec.Name, err = transform.PtrNameMagic(rec.Name, domain.Name); err != nil {
 					errs = append(errs, err)
 				}
+			} else if rec.Type == "CAA" {
+				if rec.CaaTag != "issue" && rec.CaaTag != "issuewild" && rec.CaaTag != "iodef" {
+					errs = append(errs, fmt.Errorf("CAA tag %s is invalid", rec.CaaTag))
+				}
 			}
 			// Populate FQDN:
 			rec.NameFQDN = dnsutil.AddOrigin(rec.Name, domain.Name)
@@ -357,6 +362,7 @@ func checkProviderCapabilities(dc *models.DomainConfig, pList []*models.DNSProvi
 		{"ALIAS", providers.CanUseAlias},
 		{"PTR", providers.CanUsePTR},
 		{"SRV", providers.CanUseSRV},
+		{"CAA", providers.CanUseCAA},
 	}
 	for _, ty := range types {
 		hasAny := false