The Certification Authority Authorization (CAA) DNS resource record (RR) is used to specify which certificate authorities (CAs) are allowed to issue certificates for a domain. For further details see RFC-6844.
References to record:caa are object references. The name part of a CAA record object reference has the following components:
- Name of the record
- Name of the view
Example: record:caa/ZG5zLmJpbmRfY2FN1ZXIxLm9yZw:caa_example0.com/default
The object does not support the following operations when managed on Cloud Platform members:
These fields are actual members of the object; thus, they can be requested by using _return_fields, if the fields are readable.
The basic version of the object contains the field(s): name, view.
The following fields are required to create this object:
| Field | Notes |
|---|---|
| ca_flag | |
| ca_tag | |
| ca_value | |
| name |
Flag of CAA record.
Type
Unsigned integer.
Create
The field is required on creation.
Search
The field is available for search via
Tag of CAA record.
Type
String.
Values with leading or trailing white space are not valid for this field.
Create
The field is required on creation.
Search
The field is available for search via
Value of CAA record
Type
String.
Create
The field is required on creation.
Search
The field is available for search via
Structure containing all cloud API related information for this object.
Type
A/An Cloud Information struct.
Search
The field is not available for search.
Notes
The cloud_info cannot be updated.
cloud_info cannot be written.
Comment for the record; maximum 256 characters.
Type
String.
Values with leading or trailing white space are not valid for this field.
Create
The default value is empty.
Search
The field is available for search via
The creation time of the record.
Type
Timestamp.
Search
The field is not available for search.
Notes
The creation_time cannot be updated.
creation_time cannot be written.
The record creator. Note that changing creator from or to ‘SYSTEM’ value is not allowed.
Type
String.
Create
The default value is STATIC.
Search
The field is available for search via
The GSS-TSIG principal that owns this record.
Type
String.
Create
The default value is empty.
Search
The field is available for search via
Determines if the DDNS updates for this record are allowed or not.
Type
Bool.
Create
The default value is False.
Search
The field is not available for search.
Determines if the record is disabled or not. False means that the record is enabled.
Type
Bool.
Create
The default value is False.
Search
The field is not available for search.
The name of the CAA record in punycode format.
Type
String.
Values with leading or trailing white space are not valid for this field.
Search
The field is not available for search.
Notes
The dns_name cannot be updated.
dns_name cannot be written.
Extensible attributes associated with the object.
For valid values for extensible attributes, see the following information.
Type
Extensible attributes.
This field allows +/- to be specified as part of the field name when updating the object, see the following information.
Create
The default value is empty.
Search
For how to search extensible attributes, see the following information.
Determines if the reclamation is allowed for the record or not.
Type
Bool.
Create
The default value is False.
Search
The field is not available for search.
The time of the last DNS query in Epoch seconds format.
Type
Timestamp.
Search
The field is not available for search.
Notes
The last_queried cannot be updated.
last_queried cannot be written.
The CAA record name in FQDN format. This value can be in unicode format.
Type
String.
Values with leading or trailing white space are not valid for this field.
Create
The field is required on creation.
Search
The field is available for search via
Notes
The name is part of the base object.
Determines if the record is reclaimable or not.
Type
Bool.
Search
The field is available for search via
Notes
The reclaimable cannot be updated.
reclaimable cannot be written.
The Time to Live (TTL) value for the record. A 32-bit unsigned integer that represents the duration, in seconds, for which the record is valid (cached). Zero indicates that the record should not be cached.
Type
Unsigned integer.
Create
The default value is empty.
Search
The field is not available for search.
Notes
Use flag for: ttl
Type
Bool.
Create
The default value is False.
Search
The field is not available for search.
The name of the DNS view in which the record resides. Example: “external”.
Type
String.
Values with leading or trailing white space are not valid for this field.
Create
The default value is The default DNS view.
Search
The field is available for search via
Notes
The view is part of the base object.
The name of the zone in which the record resides. Example: “zone.com”. If a view is not specified when searching by zone, the default view is used.
Type
String.
Values with leading or trailing white space are not valid for this field.
Search
The field is available for search via
Notes
The zone cannot be updated.
zone cannot be written.
| Field | Type | Req | R/O | Base | Search |
|---|---|---|---|---|---|
| ca_flag | Unsigned int | Y | N | N | = |
| ca_tag | String | Y | N | N | : = ~ |
| ca_value | String | Y | N | N | : = ~ |
| cloud_info | struct | N | Y | N | N/A |
| comment | String | N | N | N | : = ~ |
| creation_time | Timestamp | N | Y | N | N/A |
| creator | String | N | N | N | = |
| ddns_principal | String | N | N | N | : = ~ |
| ddns_protected | Bool | N | N | N | N/A |
| disable | Bool | N | N | N | N/A |
| dns_name | String | N | Y | N | N/A |
| extattrs | Extattr | N | N | N | ext |
| forbid_reclamation | Bool | N | N | N | N/A |
| last_queried | Timestamp | N | Y | N | N/A |
| name | String | Y | N | Y | : = ~ |
| reclaimable | Bool | N | Y | N | = |
| ttl | Unsigned int | N | N | N | N/A |
| use_ttl | Bool | N | N | N | N/A |
| view | String | N | N | Y | = |
| zone | String | N | Y | N | = |
record:alias : DNS Alias record object.
