mirror of
				https://github.com/StackExchange/dnscontrol.git
				synced 2025-10-25 21:46:57 +08:00 
			
		
		
		
	* docs improvements * Updated matrix as part of "go generate" (e.g. adds SSHFP row) * Commiting full matrix file * Added docs for SSHFP record * Matrix: Mark OVH as SSHFP-capable in docs (see PR #482)
		
			
				
	
	
		
			46 lines
		
	
	
	
		
			1.4 KiB
		
	
	
	
		
			Markdown
		
	
	
	
	
	
			
		
		
	
	
			46 lines
		
	
	
	
		
			1.4 KiB
		
	
	
	
		
			Markdown
		
	
	
	
	
	
| ---
 | |
| layout: default
 | |
| title: CAA Builder
 | |
| ---
 | |
| 
 | |
| # CAA Builder
 | |
| 
 | |
| dnscontrol contains a CAA_BUILDER which can be used to simply create
 | |
| CAA records for your domains. Instead of creating each CAA record
 | |
| individually, you can simply configure your report mail address, the
 | |
| authorized certificate authorities and the builder cares about the rest.
 | |
| 
 | |
| 
 | |
| ## Example
 | |
| 
 | |
| For example you can use:
 | |
| 
 | |
| ```
 | |
| CAA_BUILDER({
 | |
|   label: "@",
 | |
|   iodef: "mailto:test@domain.tld",
 | |
|   iodef_critical: true,
 | |
|   issue: [
 | |
|     "letsencrypt.org",
 | |
|     "comodoca.com",
 | |
|   ],
 | |
|   issuewild: "none",
 | |
| })
 | |
| ```
 | |
| 
 | |
| The parameters are:
 | |
| 
 | |
| * `label:` The label of the CAA record. (Optional. Default: `"@"`)
 | |
| * `iodef:` Report all violation to configured mail address.
 | |
| * `iodef_critical:` This can be `true` or `false`. If enabled and CA does not support this record, then certificate issue will be refused. (Optional. Default: `false`)
 | |
| * `issue:` An array of CAs which are allowed to issue certificates. (Use `"none"` to refuse all CAs)
 | |
| * `issuewild:` An array of CAs which are allowed to issue wildcard certificates. (Can be simply `"none"` to refuse issuing wildcard certificates for all CAs)
 | |
| 
 | |
| `CAA_BUILDER()` returns multiple records (when configured as example above):
 | |
| 
 | |
|   * `CAA("@", "iodef", "mailto:test@domain.tld", CAA_CRITICAL)`
 | |
|   * `CAA("@", "issue", "letsencrypt.org")`
 | |
|   * `CAA("@", "issue", "comodoca.com")`
 | |
|   * `CAA("@", "issuewild", ";")`
 | |
| 
 | |
| ```
 |