mirror of
https://github.com/StackExchange/dnscontrol.git
synced 2024-09-20 14:56:20 +08:00
20dad35167
* Replace Jekyll highlight tags with fenced code blocks Replace Jekyll highlight tags with fenced code blocks. Canonicalize javascript to js. Correct highlighting languages. Add highlighting to code blocks. Remove leading $ from bash blocks. Remove empty lines at start and end of code blocks. Stripped trailing whitespace. * Fix language of code highlighting
1.4 KiB
1.4 KiB
| layout | title |
|---|---|
| default | CAA Builder |
CAA Builder
dnscontrol contains a CAA_BUILDER which can be used to simply create CAA records for your domains. Instead of creating each CAA record individually, you can simply configure your report mail address, the authorized certificate authorities and the builder cares about the rest.
Example
For example you can use:
CAA_BUILDER({
label: "@",
iodef: "mailto:test@domain.tld",
iodef_critical: true,
issue: [
"letsencrypt.org",
"comodoca.com",
],
issuewild: "none",
})
The parameters are:
label:The label of the CAA record. (Optional. Default:"@")iodef:Report all violation to configured mail address.iodef_critical:This can betrueorfalse. If enabled and CA does not support this record, then certificate issue will be refused. (Optional. Default:false)issue:An array of CAs which are allowed to issue certificates. (Use"none"to refuse all CAs)issuewild:An array of CAs which are allowed to issue wildcard certificates. (Can be simply"none"to refuse issuing wildcard certificates for all CAs)
CAA_BUILDER() returns multiple records (when configured as example above):
CAA("@", "iodef", "mailto:test@domain.tld", CAA_CRITICAL)CAA("@", "issue", "letsencrypt.org")CAA("@", "issue", "comodoca.com")CAA("@", "issuewild", ";")