CAA_BUILDER
Last updated
Last updated
DNSControl contains a CAA_BUILDER
which can be used to simply create records for your domains. Instead of creating each record individually, you can simply configure your report mail address, the authorized certificate authorities and the builder cares about the rest.
CAA_BUILDER()
builds multiple records:
which in turns yield the following records:
The same example can be enriched with CAA_CRITICAL on all records:
CAA_BUILDER()
then builds (the same) multiple records - all with CAA_CRITICAL flag set:
which in turns yield the following records:
label:
The label of the CAA record. (Optional. Default: "@"
)
iodef:
Report all violation to configured mail address.
iodef_critical:
This can be true
or false
. If enabled and CA does not support this record, then certificate issue will be refused. (Optional. Default: false
)
issue:
An array of CAs which are allowed to issue certificates. (Use "none"
to refuse all CAs)
issue_critical:
This can be true
or false
. If enabled and CA does not support this record, then certificate issue will be refused. (Optional. Default: false
)
issuewild:
An array of CAs which are allowed to issue wildcard certificates. (Can be simply "none"
to refuse issuing wildcard certificates for all CAs)
issuewild_critical:
This can be true
or false
. If enabled and CA does not support this record, then certificate issue will be refused. (Optional. Default: false
)
ttl:
Input for TTL
method (optional)