From c74a527bf9ae3b0c80552725fc7a9998d5a86f2e Mon Sep 17 00:00:00 2001 From: Jeffrey Cafferata Date: Sun, 22 Jan 2023 17:20:49 +0100 Subject: [PATCH] DOCS: [CAA] General improvements (#1971) Co-authored-by: Tom Limoncelli --- documentation/functions/domain/CAA.md | 16 +++++++++------- documentation/functions/record/CAA_BUILDER.md | 12 +++++++----- 2 files changed, 16 insertions(+), 12 deletions(-) diff --git a/documentation/functions/domain/CAA.md b/documentation/functions/domain/CAA.md index b2f0bce74..382195cc0 100644 --- a/documentation/functions/domain/CAA.md +++ b/documentation/functions/domain/CAA.md @@ -12,17 +12,17 @@ parameter_types: "modifiers...": RecordModifier[] --- -CAA adds a CAA record to a domain. The name should be the relative label for the record. Use `@` for the domain apex. +`CAA()` adds a CAA record to a domain. The name should be the relative label for the record. Use `@` for the domain apex. -Tag can be one of "issue", "issuewild" or "iodef". +Tag can be one of +1. `"issue"` +2. `"issuewild"` +3. `"iodef"` -Value is a string. The format of the contents is different depending on the tag. DNSControl will handle any escaping or quoting required, similar to TXT records. For example use `CAA("@", "issue", "letsencrypt.org")` rather than `CAA("@", "issue", "\"letsencrypt.org\"")`. +Value is a string. The format of the contents is different depending on the tag. DNSControl will handle any escaping or quoting required, similar to TXT records. For example use `CAA("@", "issue", "letsencrypt.org")` rather than `CAA("@", "issue", "\"letsencrypt.org\"")`. Flags are controlled by modifier: - -- CAA_CRITICAL: Issuer critical flag. CA that does not understand this tag will refuse to issue certificate for this domain. - -CAA record is supported only by BIND, Google Cloud DNS, Amazon Route 53 and OVH. Some certificate authorities may not support this record until the mandatory date of September 2017. +- `CAA_CRITICAL`: Issuer critical flag. CA that does not understand this tag will refuse to issue certificate for this domain. ```javascript D("example.com", REGISTRAR, DnsProvider("GCLOUD"), @@ -35,3 +35,5 @@ D("example.com", REGISTRAR, DnsProvider("GCLOUD"), CAA("@", "iodef", "mailto:test@example.com", CAA_CRITICAL) ); ``` + +DNSControl contains a [`CAA_BUILDER`](../record/CAA_BUILDER.md) which can be used to simply create `CAA()` records for your domains. Instead of creating each CAA record individually, you can simply configure your report mail address, the authorized certificate authorities and the builder cares about the rest. diff --git a/documentation/functions/record/CAA_BUILDER.md b/documentation/functions/record/CAA_BUILDER.md index 61bfc4221..7ea60a3fd 100644 --- a/documentation/functions/record/CAA_BUILDER.md +++ b/documentation/functions/record/CAA_BUILDER.md @@ -16,7 +16,7 @@ parameter_types: --- DNSControl contains a `CAA_BUILDER` which can be used to simply create -CAA records for your domains. Instead of creating each CAA record +[`CAA()`](../domain/CAA.md) records for your domains. Instead of creating each [`CAA()`](../domain/CAA.md) record individually, you can simply configure your report mail address, the authorized certificate authorities and the builder cares about the rest. @@ -47,7 +47,9 @@ The parameters are: `CAA_BUILDER()` returns multiple records (when configured as example above): - * `CAA("@", "iodef", "mailto:test@domain.tld", CAA_CRITICAL)` - * `CAA("@", "issue", "letsencrypt.org")` - * `CAA("@", "issue", "comodoca.com")` - * `CAA("@", "issuewild", ";")` +```javascript +CAA("@", "iodef", "mailto:test@domain.tld", CAA_CRITICAL) +CAA("@", "issue", "letsencrypt.org") +CAA("@", "issue", "comodoca.com") +CAA("@", "issuewild", ";") +```