Retrieving Certification Authority Authorization (CAA) Records using the API requires specific syntax depending on whether you are using REST or SOAP. CAA records allow a DNS domain name holder to specify one or more Certification Authorities authorized to issue certificates for that domain. Use this table to find the syntax for your command.
See RFC 6844 for more information about CAA records.
REST Syntax
/REST/CAARecord/ GET — Retrieve one or all existing CAA Records on the zone/node indicated.
HTTP Action — GET
URIs:
Get one CAA Record — https://api.dynect.net/REST/CAARecord/<zone>/<fqdn>/<record_id>/
Get CAA Records — https://api.dynect.net/REST/CAARecord/<zone>/<fqdn>/
Arguments:
No Arguments.
Response:
Get one CAA record:
- string fqdn — Fully qualified domain name of a node in the zone.
- hash rdata — Required. RData defining the record to update.
  - int flags – An unsigned integer between 0 and 255. The issuer-critical flag is the only flag currently defined, per RFC 6844. If the flag value is set to 128, a Certificate Authority (CA) that does not understand or does not implement the property tag in this record should refuse to issue a certificate for the domain.
  - string tag – A non-zero sequence of US-ASCII letters and numbers in lowercase. Valid values: issue, issuewild, and iodef.
  - string value – The authority for this record. Example: "letsencrypt.com".
- string record_type — The RRType of the record.
- string ttl — TTL for the record.
- string zone — Name of the zone.
Get all CAA records — array — Individual CAA Record resources.
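An added example, not part of the original page or the API provider's code: a Python audit of the CAA record fields documented in the response above. It flags issue/issuewild records that authorize a CA outside an allowlist and unknown tags that carry the issuer-critical flag. The function names, the allowlist and the sample records are constructed for illustration; records are assumed to arrive as dicts using the field names listed above.

```python
import re

KNOWN_TAGS = {"issue", "issuewild", "iodef"}  # valid tag values listed on this page
ISSUER_CRITICAL = 128                         # the only flag defined by RFC 6844

def audit_caa(records, allowed_issuers):
    """Return (fqdn, message) findings for a list of CAA record resources.

    Assumption: each record is a dict with fqdn and rdata{flags, tag, value}.
    """
    findings = []
    for rec in records:
        fqdn, rdata = rec["fqdn"], rec["rdata"]
        flags = int(rdata["flags"])           # the page's request example passes '0' as a string
        tag, value = rdata["tag"], rdata["value"]
        if not 0 <= flags <= 255:
            findings.append((fqdn, f"flags {flags} outside 0-255"))
        elif not re.fullmatch(r"[a-z0-9]+", tag):
            findings.append((fqdn, f"malformed tag {tag!r}"))
        elif tag not in KNOWN_TAGS:
            if flags & ISSUER_CRITICAL:
                findings.append((fqdn, f"critical unknown tag {tag!r}: CAs should refuse to issue"))
        elif tag in ("issue", "issuewild"):
            # RFC 6844: the value is an issuer domain name, optionally followed by ';' parameters.
            issuer = value.split(";", 1)[0].strip().lower()
            # An empty issuer (value ";") authorizes no CA at all, so it is never a finding.
            if issuer and issuer not in allowed_issuers:
                findings.append((fqdn, f"{tag} authorizes unapproved CA {issuer!r}"))
    return findings

def make_record(flags, tag, value):
    """Build a constructed sample record (hypothetical helper, not an API call)."""
    return {"fqdn": "www.example.com", "zone": "example.com", "record_type": "CAA",
            "ttl": "3600", "rdata": {"flags": flags, "tag": tag, "value": value}}

# Constructed sample data, not output captured from the API.
SAMPLE = [
    make_record("0", "issue", "letsencrypt.com"),
    make_record(0, "issuewild", "ca.example.net; account=1"),
    make_record(128, "futuretag", "x"),
    make_record(0, "issue", ";"),
]

if __name__ == "__main__":
    for fqdn, message in audit_caa(SAMPLE, {"letsencrypt.com"}):
        print(f"{fqdn}: {message}")
```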
SOAP Syntax
GETOneCAARecord — Retrieve one existing CAA Record on the zone/node indicated.
GETCAARecords — Retrieve all existing CAA Records on the zone/node indicated.
Arguments:
GetOneCAARecord:
- string fqdn — Required. Name of node where the record exists.
- string record_id — The numeric ID of the record to find.
- hash rdata — Required. RData defining the record to update.
  - int flags – An unsigned integer between 0 and 255. The issuer-critical flag is the only flag currently defined, per RFC 6844. If the flag value is set to 128, a Certificate Authority (CA) that does not understand or does not implement the property tag in this record should refuse to issue a certificate for the domain.
  - string tag – A non-zero sequence of US-ASCII letters and numbers in lowercase. Valid values: issue, issuewild, and iodef.
  - string value – The authority for this record. Example: "letsencrypt.com".
- string token — Required. The session identifier.
- string zone — Required. Name of zone where the record exists.
GetCAARecords:
- string fqdn — Required. Name of node where the record exists.
- string token — Required. The session identifier.
- string zone — Required. Name of zone where the record exists.
Response:
GetOneCAARecord:
- hash data
  - string fqdn — Fully qualified domain name of a node in the zone.
  - hash rdata — Required. RData defining the record to update.
    - int flags – An unsigned integer between 0 and 255. The issuer-critical flag is the only flag currently defined, per RFC 6844. If the flag value is set to 128, a Certificate Authority (CA) that does not understand or does not implement the property tag in this record should refuse to issue a certificate for the domain.
    - string tag – A non-zero sequence of US-ASCII letters and numbers in lowercase. Valid values: issue, issuewild, and iodef.
    - string value – The authority for this record. Example: "letsencrypt.com".
  - string record_id — A numeric identifier for the record.
  - string record_type — The RRType of the record.
  - string ttl — TTL for the record.
  - string zone — Name of the zone.
GetCAARecords:
- array data
  - string fqdn — Fully qualified domain name of a node in the zone.
  - hash rdata — Required. RData defining the record to update.
    - int flags – An unsigned integer between 0 and 255. The issuer-critical flag is the only flag currently defined, per RFC 6844. If the flag value is set to 128, a Certificate Authority (CA) that does not understand or does not implement the property tag in this record should refuse to issue a certificate for the domain.
    - string tag – A non-zero sequence of US-ASCII letters and numbers in lowercase. Valid values: issue, issuewild, and iodef.
    - string value – The authority for this record. Example: "letsencrypt.com".
  - string record_id — A numeric identifier for the record.
  - string record_type — The RRType of the record.
  - string ttl — TTL for the record.
  - string zone — Name of the zone.
Example Request (GetOneCAARecord):
{
    'fqdn' => 'www.example.com',
    'rdata' => {
        'flags' => '0',
        'tag' => 'issue',
        'value' => 'letsencrypt.com',
    },
    'token' => 'asdlkfjasl23j4879afa',
    'zone' => 'example.com',
}
or
{
    'fqdn' => 'www.example.com',
    'record_id' => '32',
    'token' => 'asdlkfjasl23j4879afa',
    'zone' => 'example.com',
}
Example Request (GetCAARecords):
{
    'fqdn' => 'www.example.com',
    'token' => 'asdlkfjasl23j4879afa',
    'zone' => 'example.com',
}