2019-05-18 23:10:18 +08:00
---
2022-10-31 01:45:04 +08:00
name: CAA_BUILDER
parameters:
- label
- iodef
- iodef_critical
- issue
2023-12-18 22:35:10 +08:00
- issue_critical
2022-10-31 01:45:04 +08:00
- issuewild
2023-12-18 22:35:10 +08:00
- issuewild_critical
2023-01-13 05:59:42 +08:00
parameters_object: true
parameter_types:
label: string?
iodef: string
iodef_critical: boolean?
issue: string[]
2023-12-18 22:35:10 +08:00
issue_critical: boolean?
2023-12-14 02:51:23 +08:00
issuewild: string[]
2023-12-18 22:35:10 +08:00
issuewild_critical: boolean?
2019-05-18 23:10:18 +08:00
---
2022-10-31 01:56:45 +08:00
DNSControl contains a `CAA_BUILDER` which can be used to simply create
2023-01-23 00:20:49 +08:00
[`CAA()` ](../domain/CAA.md ) records for your domains. Instead of creating each [`CAA()` ](../domain/CAA.md ) record
2019-05-18 23:10:18 +08:00
individually, you can simply configure your report mail address, the
authorized certificate authorities and the builder cares about the rest.
## Example
2023-12-18 22:35:10 +08:00
### Simple example
2019-05-18 23:10:18 +08:00
2023-03-14 04:30:21 +08:00
{% code title="dnsconfig.js" %}
2023-01-20 20:56:20 +08:00
```javascript
2019-05-18 23:10:18 +08:00
CAA_BUILDER({
label: "@",
2023-06-17 20:58:17 +08:00
iodef: "mailto:test@example.com",
2019-05-18 23:10:18 +08:00
iodef_critical: true,
issue: [
"letsencrypt.org",
"comodoca.com",
],
issuewild: "none",
})
```
2023-03-14 04:30:21 +08:00
{% endcode %}
2019-05-18 23:10:18 +08:00
2023-12-18 22:35:10 +08:00
`CAA_BUILDER()` builds multiple records:
2019-05-18 23:10:18 +08:00
2023-03-14 04:30:21 +08:00
{% code title="dnsconfig.js" %}
2023-01-23 00:20:49 +08:00
```javascript
2023-06-17 20:58:17 +08:00
CAA("@", "iodef", "mailto:test@example.com", CAA_CRITICAL)
2023-01-23 00:20:49 +08:00
CAA("@", "issue", "letsencrypt.org")
CAA("@", "issue", "comodoca.com")
CAA("@", "issuewild", ";")
```
2023-03-14 04:30:21 +08:00
{% endcode %}
2023-12-18 22:35:10 +08:00
which in turns yield the following records:
```text
@ 300 IN CAA 128 iodef "mailto:test@example.com"
@ 300 IN CAA 0 issue "letsencrypt.org"
@ 300 IN CAA 0 issue "comodoca.com"
@ 300 IN CAA 0 issuewild ";"
```
### Example with CAA_CRITICAL flag on all records
The same example can be enriched with CAA_CRITICAL on all records:
{% code title="dnsconfig.js" %}
```javascript
CAA_BUILDER({
label: "@",
iodef: "mailto:test@example.com",
iodef_critical: true,
issue: [
"letsencrypt.org",
"comodoca.com",
],
issue_critical: true,
issuewild: "none",
issuewild_critical: true,
})
```
{% endcode %}
`CAA_BUILDER()` then builds (the same) multiple records - all with CAA_CRITICAL flag set:
{% code title="dnsconfig.js" %}
```javascript
CAA("@", "iodef", "mailto:test@example.com", CAA_CRITICAL)
CAA("@", "issue", "letsencrypt.org", CAA_CRITICAL)
CAA("@", "issue", "comodoca.com", CAA_CRITICAL)
CAA("@", "issuewild", ";", CAA_CRITICAL)
```
{% endcode %}
which in turns yield the following records:
```text
@ 300 IN CAA 128 iodef "mailto:test@example.com"
@ 300 IN CAA 128 issue "letsencrypt.org"
@ 300 IN CAA 128 issue "comodoca.com"
@ 300 IN CAA 128 issuewild ";"
```
### Parameters
* `label:` The label of the CAA record. (Optional. Default: `"@"` )
* `iodef:` Report all violation to configured mail address.
* `iodef_critical:` This can be `true` or `false` . If enabled and CA does not support this record, then certificate issue will be refused. (Optional. Default: `false` )
* `issue:` An array of CAs which are allowed to issue certificates. (Use `"none"` to refuse all CAs)
* `issue_critical:` This can be `true` or `false` . If enabled and CA does not support this record, then certificate issue will be refused. (Optional. Default: `false` )
* `issuewild:` An array of CAs which are allowed to issue wildcard certificates. (Can be simply `"none"` to refuse issuing wildcard certificates for all CAs)
* `issuewild_critical:` This can be `true` or `false` . If enabled and CA does not support this record, then certificate issue will be refused. (Optional. Default: `false` )
