mirror of
https://github.com/StackExchange/dnscontrol.git
synced 2024-05-11 05:55:12 +00:00
20dad35167
* Replace Jekyll highlight tags with fenced code blocks Replace Jekyll highlight tags with fenced code blocks. Canonicalize javascript to js. Correct highlighting languages. Add highlighting to code blocks. Remove leading $ from bash blocks. Remove empty lines at start and end of code blocks. Stripped trailing whitespace. * Fix language of code highlighting
1.3 KiB
1.3 KiB
| name | parameters | ||||
|---|---|---|---|---|---|
| CAA |
|
CAA adds a CAA record to a domain. The name should be the relative label for the record. Use @ for the domain apex.
Tag can be one of "issue", "issuewild" or "iodef".
Value is a string. The format of the contents is different depending on the tag. DNSControl will handle any escaping or quoting required, similar to TXT records. For example use CAA("@", "issue", "letsencrypt.org") rather than CAA("@", "issue", "\"letsencrypt.org\"").
Flags are controlled by modifier:
- CAA_CRITICAL: Issuer critical flag. CA that does not understand this tag will refuse to issue certificate for this domain.
CAA record is supported only by BIND, Google Cloud DNS, Amazon Route 53 and OVH. Some certificate authorities may not support this record until the mandatory date of September 2017.
{% include startExample.html %}
D("example.com", REGISTRAR, DnsProvider("GCLOUD"),
// Allow letsencrypt to issue certificate for this domain
CAA("@", "issue", "letsencrypt.org"),
// Allow no CA to issue wildcard certificate for this domain
CAA("@", "issuewild", ";"),
// Report all violation to test@example.com. If CA does not support
// this record then refuse to issue any certificate
CAA("@", "iodef", "mailto:test@example.com", CAA_CRITICAL)
);
{% include endExample.html %}