How to create CAA Records

Hi,

How could I create CAA records?

Hi Ron,

Thanks for your question, and welcome to deSEC!

For creating records, please see https://desec.readthedocs.io/en/latest/dns/rrsets.html#creating-an-rrset. The example there is about an A record. CAA records can be created in the same way (you just need to replace the relevant values).

Stay secure,
Peter

Hi Peter,
I think the issue I have is the text parts in the record. I tried several commands, but nothing happens. I'm using a Windows computer, so I have to change the curl order. This is what I tried:
echo {"subname": "", "type": "CAA", "ttl": 3600, "records": ["0 iodef \"mailto:{email address}\"","0 issue \"letsencrypt.org\", "0 issuewild \";\""]} | curl -X POST https://desec.io/api/v1/domains/{domain}/rrsets/ --header "Authorization: Token {token}" --header "Content-Type: application/json" --data @-

I’ve found it:
echo {"subname": "", "type": "CAA", "ttl": 3600, "records": ["0 iodef \"mailto::email address\"", "0 issue \"letsencrypt.org\"", "0 issuewild \";\""]} | curl -X POST https://desec.io/api/v1/domains/{domain}/rrsets/ --header "Authorization: Token {token}" --header "Content-Type: application/json" --data @-

Hi @Ron,
I recommend using dnscontrol.

They support deSEC and have a CAA builder function.

Cheers,
Max

When trying to set “0 issuewild ;” as CAA record to prevent anyone from issuing wildcard certificates for my domain, an error occurs. Seems like this was also the issue that Ron was running into.

Hi jotto,

Welcome to deSEC!

It works when putting quotes around the ;, as explained in the CAA specification.

(When using the API, you also need to make sure to escape these quotes, i.e. send "records": ["0 issuewild \";\""].)

Stay secure,
Peter
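
The quoting and escaping described in this thread can be left to a JSON serializer instead of the shell. The following is an added example, not part of the original posts and not deSEC's own code; the helper names, the sample mailbox, the domain `example.com` and the token are assumptions, while the endpoint and headers are the ones used in the thread.

```python
import json
import re
import urllib.request

# Endpoint as used in the thread; {domain} is filled in per request.
API = "https://desec.io/api/v1/domains/{domain}/rrsets/"


def caa_rdata(flags, tag, value):
    """Return one CAA record in presentation format: flags tag "value"."""
    if not 0 <= flags <= 255:
        raise ValueError("flags must fit in one octet")
    if not re.fullmatch(r"[A-Za-z0-9]+", tag):
        raise ValueError("tag must be alphanumeric")
    # Escape backslashes and quotes so the value stays one quoted string.
    escaped = value.replace("\\", "\\\\").replace('"', '\\"')
    return f'{flags} {tag} "{escaped}"'


def caa_rrset(records, subname="", ttl=3600):
    """Build the RRset object with the fields shown in the thread."""
    return {"subname": subname, "type": "CAA", "ttl": ttl,
            "records": [caa_rdata(*r) for r in records]}


def build_request(domain, token, rrset):
    """Prepare (but do not send) the POST request for the RRset."""
    # json.dumps adds the JSON-level escaping (\") that is easy to lose
    # when the body is typed by hand into a shell command line.
    body = json.dumps(rrset).encode()
    return urllib.request.Request(
        API.format(domain=domain), data=body, method="POST",
        headers={"Authorization": f"Token {token}",
                 "Content-Type": "application/json"})


# Constructed sample policy mirroring the records discussed in the thread:
# report address, one permitted CA, and no wildcard issuance at all.
POLICY = [(0, "iodef", "mailto:security@example.com"),
          (0, "issue", "letsencrypt.org"),
          (0, "issuewild", ";")]

if __name__ == "__main__":
    req = build_request("example.com", "PLACEHOLDER-TOKEN", caa_rrset(POLICY))
    print(req.data.decode())  # inspect the body before sending
    # urllib.request.urlopen(req) would submit it to the API.
```

Printing the body first makes it easy to confirm that each record value reaches the API with its inner quotes intact.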