Replacing Certification Authority Authorization (CAA) Records using the API requires specific syntax depending on whether you are using REST or SOAP. CAA records allow a DNS domain name holder to specify one or more Certification Authorities authorized to issue certificates for that domain. Use this table to find the syntax for your command.
See RFC 6844 for more information about CAA records.
REST Syntax
/REST/CAARecord/ PUT — Replace all existing CAA Records on the zone/node indicated.
HTTP Action — PUT
URI — https://api.dynect.net/REST/CAARecord/<zone>/<fqdn>/
Arguments
- CAARecords (array) — Required. Individual records.
  - rdata (hash) — Required. RData defining the record to update.
    - flags (int) – An unsigned integer between 0 and 255. The issuer-critical flag is the only flag currently defined, per RFC 6844. If the flag value is set to 128, a Certificate Authority (CA) that does not understand or does not implement the property tag in this record should refuse to issue a certificate for the domain.
    - tag (string) – A non-zero sequence of US-ASCII letters and numbers in lowercase. Valid values: issue, issuewild, and iodef.
    - value (string) – The authority for this record. EXAMPLE: "letsencrypt.com".
  - ttl (string) — TTL for the record in seconds. Set to “0” to use zone default.
Response
- array — Individual records.
  - fqdn (string) — Fully qualified domain name of a node in the zone.
  - rdata (hash) — Required. RData defining the record to update.
    - flags (int) – An unsigned integer between 0 and 255. The issuer-critical flag is the only flag currently defined, per RFC 6844. If the flag value is set to 128, a Certificate Authority (CA) that does not understand or does not implement the property tag in this record should refuse to issue a certificate for the domain.
    - tag (string) – A non-zero sequence of US-ASCII letters and numbers in lowercase. Valid values: issue, issuewild, and iodef.
    - value (string) – The authority for this record. EXAMPLE: "letsencrypt.com".
  - record_type (string) — The RRType of the record.
  - ttl (string) — TTL for the record.
  - zone (string) — Name of the zone.
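An added example, not part of the original page or the provider's own code: a Python pre-flight that checks each record against the field rules above and builds (without sending) the REST PUT. Because the PUT replaces every CAA record at the node, the list passed in must be the complete intended policy. The function names, the `Auth-Token` header, and the CA name `ca.example.net` are assumptions.

```python
import json
import urllib.request

API_BASE = "https://api.dynect.net/REST/CAARecord"  # URI given on this page
VALID_TAGS = {"issue", "issuewild", "iodef"}         # valid tags listed on this page


def validate_caa(flags, tag, value, ttl=0):
    """Return one CAARecords entry, or raise ValueError on a malformed field."""
    if isinstance(flags, bool) or not isinstance(flags, int) or not 0 <= flags <= 255:
        raise ValueError(f"flags must be an integer 0-255, got {flags!r}")
    if tag not in VALID_TAGS:
        raise ValueError(f"tag must be one of {sorted(VALID_TAGS)}, got {tag!r}")
    if not isinstance(value, str) or not value.strip():
        raise ValueError("value must be a non-empty string")
    if isinstance(ttl, bool) or not isinstance(ttl, int) or ttl < 0:
        raise ValueError(f"ttl must be a non-negative integer, got {ttl!r}")
    # flags is an int and ttl a string, matching the argument types listed above
    return {"rdata": {"flags": flags, "tag": tag, "value": value}, "ttl": str(ttl)}


def build_replace_request(zone, fqdn, records, token):
    """Build (but do not send) the PUT that replaces every CAA record at fqdn."""
    zone, fqdn = zone.rstrip(".").lower(), fqdn.rstrip(".").lower()
    if fqdn != zone and not fqdn.endswith("." + zone):
        raise ValueError(f"{fqdn} is not inside zone {zone}")
    if not records:
        raise ValueError("CAARecords is required; refusing an empty replace")
    body = {"CAARecords": [validate_caa(**r) for r in records]}
    return urllib.request.Request(
        f"{API_BASE}/{zone}/{fqdn}/",
        data=json.dumps(body).encode(),
        method="PUT",
        headers={"Content-Type": "application/json",
                 "Auth-Token": token},  # assumed session header, not shown on this page
    )


# Constructed sample policy; ca.example.net is a placeholder CA name.
SAMPLE = [
    {"flags": 0, "tag": "issue", "value": "ca.example.net", "ttl": 3600},
    {"flags": 128, "tag": "issuewild", "value": "ca.example.net"},
    {"flags": 0, "tag": "iodef", "value": "mailto:security@example.com"},
]

if __name__ == "__main__":
    req = build_replace_request("example.com", "www.example.com", SAMPLE, "PLACEHOLDER")
    print(req.get_method(), req.full_url)
    print(req.data.decode())
```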
SOAP Syntax
ReplaceCAARecords — Replace all existing CAA Records on the zone/node indicated.
Arguments
- CAARecords (array) — Required.
  - fqdn (string) — Required. Name of node where the record exists.
  - rdata (hash) — Required. RData defining the record to update.
    - flags (int) – An unsigned integer between 0 and 255. The issuer-critical flag is the only flag currently defined, per RFC 6844. If the flag value is set to 128, a Certificate Authority (CA) that does not understand or does not implement the property tag in this record should refuse to issue a certificate for the domain.
    - tag (string) – A non-zero sequence of US-ASCII letters and numbers in lowercase. Valid values: issue, issuewild, and iodef.
    - value (string) – The authority for this record. EXAMPLE: "letsencrypt.com".
  - ttl (string) — TTL for the record in seconds. Set to “0” to use zone default.
  - zone (string) — Required. Name of zone where the record exists.
- token (string) — Required. The session identifier.
Response
- data (array)
  - fqdn (string) — Fully qualified domain name of a node in the zone.
  - rdata (hash) — Required. RData defining the record to update.
    - flags (int) – An unsigned integer between 0 and 255. The issuer-critical flag is the only flag currently defined, per RFC 6844. If the flag value is set to 128, a Certificate Authority (CA) that does not understand or does not implement the property tag in this record should refuse to issue a certificate for the domain.
    - tag (string) – A non-zero sequence of US-ASCII letters and numbers in lowercase. Valid values: issue, issuewild, and iodef.
    - value (string) – The authority for this record. EXAMPLE: "letsencrypt.com".
  - record_id (string) — A numeric identifier for the record.
  - record_type (string) — The RRType of the record.
  - ttl (string) — TTL for the record.
  - zone (string) — Name of the zone.
Example Request
{
    'CAARecords' => [
        {
            'fqdn' => 'www.example.com',
            'rdata' => {
                'flags' => '0',
                'tag' => 'issue',
                'value' => 'letsencrypt.com',
            },
            'ttl' => '3600',
            'zone' => 'example.com',
        },
        {
            'fqdn' => 'www.example.com',
            'rdata' => {
                'flags' => '128',
                'tag' => 'issuewild',
                'value' => 'cacert.org',
            },
            'ttl' => '3600',
            'zone' => 'example.com',
        }
    ],
    'token' => 'asdlkfjasl23j4879afa',
}