mirror/stackexchange-dnscontrol
1
0
Fork 0
mirror of https://github.com/StackExchange/dnscontrol.git synced 2024-05-11 05:55:12 +00:00
Code Issues Releases Activity

DOCS: [CAA] General improvements (#1971)

Browse Source 
Co-authored-by: Tom Limoncelli <tlimoncelli@stackoverflow.com>
This commit is contained in:
Jeffrey Cafferata
2023-01-22 17:20:49 +01:00
committed by GitHub
parent 810eed0822
commit c74a527bf9
2 changed files with 16 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
documentation/functions/domain/CAA.md
View File

@ -12,17 +12,17 @@ parameter_types:
"modifiers...": RecordModifier[] "modifiers...": RecordModifier[]
--- ---
CAA adds a CAA record to a domain. The name should be the relative label for the record. Use `@` for the domain apex. `CAA()` adds a CAA record to a domain. The name should be the relative label for the record. Use `@` for the domain apex.
Tag can be one of "issue", "issuewild" or "iodef". Tag can be one of
1. `"issue"`
2. `"issuewild"`
3. `"iodef"`
Value is a string. The format of the contents is different depending on the tag. DNSControl will handle any escaping or quoting required, similar to TXT records. For example use `CAA("@", "issue", "letsencrypt.org")` rather than `CAA("@", "issue", "\"letsencrypt.org\"")`. Value is a string. The format of the contents is different depending on the tag. DNSControl will handle any escaping or quoting required, similar to TXT records. For example use `CAA("@", "issue", "letsencrypt.org")` rather than `CAA("@", "issue", "\"letsencrypt.org\"")`.
Flags are controlled by modifier: Flags are controlled by modifier:
- `CAA_CRITICAL`: Issuer critical flag. CA that does not understand this tag will refuse to issue certificate for this domain.
- CAA_CRITICAL: Issuer critical flag. CA that does not understand this tag will refuse to issue certificate for this domain.
CAA record is supported only by BIND, Google Cloud DNS, Amazon Route 53 and OVH. Some certificate authorities may not support this record until the mandatory date of September 2017.
```javascript ```javascript
D("example.com", REGISTRAR, DnsProvider("GCLOUD"), D("example.com", REGISTRAR, DnsProvider("GCLOUD"),
@ -35,3 +35,5 @@ D("example.com", REGISTRAR, DnsProvider("GCLOUD"),
CAA("@", "iodef", "mailto:test@example.com", CAA_CRITICAL) CAA("@", "iodef", "mailto:test@example.com", CAA_CRITICAL)
); );
``` ```
DNSControl contains a [`CAA_BUILDER`](../record/CAA_BUILDER.md) which can be used to simply create `CAA()` records for your domains. Instead of creating each CAA record individually, you can simply configure your report mail address, the authorized certificate authorities and the builder cares about the rest.

12
documentation/functions/record/CAA_BUILDER.md
View File

@ -16,7 +16,7 @@ parameter_types:
--- ---
DNSControl contains a `CAA_BUILDER` which can be used to simply create DNSControl contains a `CAA_BUILDER` which can be used to simply create
CAA records for your domains. Instead of creating each CAA record [`CAA()`](../domain/CAA.md) records for your domains. Instead of creating each [`CAA()`](../domain/CAA.md) record
individually, you can simply configure your report mail address, the individually, you can simply configure your report mail address, the
authorized certificate authorities and the builder cares about the rest. authorized certificate authorities and the builder cares about the rest.
@ -47,7 +47,9 @@ The parameters are:
`CAA_BUILDER()` returns multiple records (when configured as example above): `CAA_BUILDER()` returns multiple records (when configured as example above):
* `CAA("@", "iodef", "mailto:test@domain.tld", CAA_CRITICAL)` ```javascript
* `CAA("@", "issue", "letsencrypt.org")` CAA("@", "iodef", "mailto:test@domain.tld", CAA_CRITICAL)
* `CAA("@", "issue", "comodoca.com")` CAA("@", "issue", "letsencrypt.org")
* `CAA("@", "issuewild", ";")` CAA("@", "issue", "comodoca.com")
CAA("@", "issuewild", ";")
```