doc-exports/docs/dns/umn/dns_usermanual_0014.html
Qin Ying, Fan 9a9e02c671 DNS UMN 20240223 version
Reviewed-by: Hajba, László Antal <laszlo-antal.hajba@t-systems.com>
Co-authored-by: Qin Ying, Fan <fanqinying@huawei.com>
Co-committed-by: Qin Ying, Fan <fanqinying@huawei.com>
2024-06-07 13:20:48 +00:00

<a name="dns_usermanual_0014"></a><a name="dns_usermanual_0014"></a>
<h1 class="topictitle1">Adding a CAA Record Set</h1>
<div id="body1548760902270"><div class="section" id="dns_usermanual_0014__section187281084528"><h4 class="sectiontitle"><strong id="dns_usermanual_0014__b1945914476554">Scenarios</strong></h4><p id="dns_usermanual_0014__p1849014481545">If you want to specify CAs authorized to issue HTTPS certificates for your domain name, add CAA record sets for the domain name.</p>
<p id="dns_usermanual_0014__p187571728174615">CAA record sets are used to prevent HTTPS certificates from being incorrectly issued.</p>
<p id="dns_usermanual_0014__p1032122565311">For details about other record set types, see <a href="dns_usermanual_0601.html">Record Set Types and Configuration Rules</a>.</p>
</div>
<div class="section" id="dns_usermanual_0014__section10284161715528"><h4 class="sectiontitle">Constraints</h4><p id="dns_usermanual_0014__p1382995310437">CAA record sets can be added only to public zones.</p>
</div>
<div class="section" id="dns_usermanual_0014__section6412174644120"><h4 class="sectiontitle"><strong id="dns_usermanual_0014__b133344357017">Procedure</strong></h4><ol id="dns_usermanual_0014__ol44805021215"><li id="dns_usermanual_0014__en-us_topic_0035467699_li52833639155823">Log in to the management console.</li><li id="dns_usermanual_0014__en-us_topic_0035467699_li52641116155830">In the service list, choose <strong id="dns_usermanual_0014__dns_qs_0006_b61191316145"><span id="dns_usermanual_0014__dns_qs_0006_en-us_topic_0138290753_text142541144194510">Network</span><span id="dns_usermanual_0014__dns_qs_0006_en-us_topic_0138290753_text155146154515"></span></strong> &gt; <strong id="dns_usermanual_0014__dns_qs_0006_b14571104062010">Domain Name Service</strong>.<p id="dns_usermanual_0014__dns_qs_0006_en-us_topic_0138290753_en-us_topic_0035467699_p179595731633">The DNS console is displayed.</p>
</li><li id="dns_usermanual_0014__en-us_topic_0035467699_li1829314716351">In the navigation pane on the left, choose <strong id="dns_usermanual_0014__en-us_topic_0035467699_b84235270617550">Public Zones</strong>.<p id="dns_usermanual_0014__en-us_topic_0035467699_en-us_topic_0035467699_p5173372716550">The <strong id="dns_usermanual_0014__en-us_topic_0035467699_b84235270618511">Public Zones</strong> page is displayed.</p>
</li><li id="dns_usermanual_0014__li57832421115837">Click the domain name.</li><li id="dns_usermanual_0014__li184801011214">Click <strong id="dns_usermanual_0014__dns_usermanual_0007_b1360114185916">Add Record Set</strong>.<p id="dns_usermanual_0014__dns_usermanual_0007_a57041818ee3b4a18801b83932fce907b">The <strong id="dns_usermanual_0014__dns_usermanual_0007_b1260184125913">Add Record Set</strong> dialog box is displayed.</p>
</li></ol><ol start="6" id="dns_usermanual_0014__ol59320072113848"><li id="dns_usermanual_0014__li613684841277">Configure the parameters based on <a href="#dns_usermanual_0014__table676063732817">Table 1</a>.
<div class="tablenoborder"><a name="dns_usermanual_0014__table676063732817"></a><a name="table676063732817"></a><table cellpadding="4" cellspacing="0" summary="" id="dns_usermanual_0014__table676063732817" frame="border" border="1" rules="all"><caption><b>Table 1 </b>Parameters for adding a CAA record set</caption><thead align="left"><tr id="dns_usermanual_0014__row5778037182810"><th align="left" class="cellrowborder" valign="top" width="16%" id="mcps1.3.3.3.1.2.2.4.1.1"><p id="dns_usermanual_0014__p7782133732811"><strong id="dns_usermanual_0014__b1056150114510">Parameter</strong></p>
</th>
<th align="left" class="cellrowborder" valign="top" width="62%" id="mcps1.3.3.3.1.2.2.4.1.2"><p id="dns_usermanual_0014__p12788153715287"><strong id="dns_usermanual_0014__b1356260194515">Description</strong></p>
</th>
<th align="left" class="cellrowborder" valign="top" width="22%" id="mcps1.3.3.3.1.2.2.4.1.3"><p id="dns_usermanual_0014__p15792153719289"><strong id="dns_usermanual_0014__b956313015455">Example Value</strong></p>
</th>
</tr>
</thead>
<tbody><tr id="dns_usermanual_0014__row207951137172810"><td class="cellrowborder" valign="top" width="16%" headers="mcps1.3.3.3.1.2.2.4.1.1 "><p id="dns_usermanual_0014__p8798203752820">Name</p>
</td>
<td class="cellrowborder" valign="top" width="62%" headers="mcps1.3.3.3.1.2.2.4.1.2 "><p id="dns_usermanual_0014__p498991411924">Prefix of the domain name to be resolved.</p>
<p id="dns_usermanual_0014__p4490923311924">For example, if the domain name is <strong id="dns_usermanual_0014__dns_usermanual_0007_b10331683433">example.com</strong>, the prefix can be as follows:</p>
<ul id="dns_usermanual_0014__ul62101617105015"><li id="dns_usermanual_0014__dns_usermanual_0007_li74912028142710"><strong id="dns_usermanual_0014__dns_usermanual_0007_b68691535154311">www</strong>: The domain name is www.example.com, which is usually used for a website.</li><li id="dns_usermanual_0014__dns_usermanual_0007_li7403112285516">Left blank: The domain name is example.com.<p id="dns_usermanual_0014__dns_usermanual_0007_p210152475518"><a name="dns_usermanual_0014__dns_usermanual_0007_li7403112285516"></a><a name="dns_usermanual_0007_li7403112285516"></a>The <strong id="dns_usermanual_0014__dns_usermanual_0007_b1244921444616">Name</strong> field cannot be set to an at sign (@). Just leave it blank.</p>
</li><li id="dns_usermanual_0014__dns_usermanual_0007_li1749112284277"><strong id="dns_usermanual_0014__dns_usermanual_0007_b159141815184510">abc</strong>: The domain name is abc.example.com, a subdomain of example.com.</li><li id="dns_usermanual_0014__dns_usermanual_0007_li20491028142718"><strong id="dns_usermanual_0014__dns_usermanual_0007_b510014054612">mail</strong>: The domain name is mail.example.com, which is typically used for email servers.</li><li id="dns_usermanual_0014__dns_usermanual_0007_li184910286279"><strong id="dns_usermanual_0014__dns_usermanual_0007_b14337622174617">*</strong>: The domain name is *.example.com, which is a wildcard domain name, indicating all subdomains of example.com.</li></ul>
</td>
<td class="cellrowborder" valign="top" width="22%" headers="mcps1.3.3.3.1.2.2.4.1.3 "><p id="dns_usermanual_0014__p78160372285">Left blank</p>
</td>
</tr>
<tr id="dns_usermanual_0014__row13819837192816"><td class="cellrowborder" valign="top" width="16%" headers="mcps1.3.3.3.1.2.2.4.1.1 "><p id="dns_usermanual_0014__p982663713288">Type</p>
</td>
<td class="cellrowborder" valign="top" width="62%" headers="mcps1.3.3.3.1.2.2.4.1.2 "><p id="dns_usermanual_0014__p1383173742816">Type of the record set</p>
<p id="dns_usermanual_0014__p8911154710176">A message may be displayed indicating that the record set you are trying to add conflicts with an existing record set.</p>
</td>
<td class="cellrowborder" valign="top" width="22%" headers="mcps1.3.3.3.1.2.2.4.1.3 "><p id="dns_usermanual_0014__p7622132712445">CAA – Grant certificate issuing permissions to CAs</p>
</td>
</tr>
<tr id="dns_usermanual_0014__row3866173712813"><td class="cellrowborder" valign="top" width="16%" headers="mcps1.3.3.3.1.2.2.4.1.1 "><p id="dns_usermanual_0014__p9874163714287">TTL (s)</p>
</td>
<td class="cellrowborder" valign="top" width="62%" headers="mcps1.3.3.3.1.2.2.4.1.2 "><p id="dns_usermanual_0014__p5888275712739">Cache duration of the record set on a local DNS server, in seconds.</p>
<p id="dns_usermanual_0014__p103873299529">The value ranges from <strong id="dns_usermanual_0014__dns_usermanual_0007_b12340162774812">1</strong> to <strong id="dns_usermanual_0014__dns_usermanual_0007_b8804142484815">2147483647</strong>, and the default is <strong id="dns_usermanual_0014__dns_usermanual_0007_b986894618157">300</strong>.</p>
<p id="dns_usermanual_0014__p7737113020523">If your service address changes frequently, set TTL to a smaller value.</p>
</td>
<td class="cellrowborder" valign="top" width="22%" headers="mcps1.3.3.3.1.2.2.4.1.3 "><p id="dns_usermanual_0014__p477403312739">300</p>
</td>
</tr>
<tr id="dns_usermanual_0014__row9887737162813"><td class="cellrowborder" valign="top" width="16%" headers="mcps1.3.3.3.1.2.2.4.1.1 "><p id="dns_usermanual_0014__p689116371284">Value</p>
</td>
<td class="cellrowborder" valign="top" width="62%" headers="mcps1.3.3.3.1.2.2.4.1.2 "><p id="dns_usermanual_0014__p19128114815389">CA to be authorized to issue certificates for a domain name or its subdomains</p>
<p id="dns_usermanual_0014__p1372302745912">You can enter a maximum of 50 record values, each on a separate line.</p>
<p id="dns_usermanual_0014__p82361147105913">The format is <strong id="dns_usermanual_0014__dns_usermanual_0601_b14296101413215">[</strong><strong id="dns_usermanual_0014__dns_usermanual_0601_b1330716141026">flag</strong><strong id="dns_usermanual_0014__dns_usermanual_0601_b153084141922">] [tag] [value]</strong>.</p>
<p id="dns_usermanual_0014__p19865152383612">Configuration rules:</p>
<ul id="dns_usermanual_0014__ul4929101919515"><li id="dns_usermanual_0014__dns_usermanual_0601_li119293195518"><strong id="dns_usermanual_0014__dns_usermanual_0601_b84235270615756">flag</strong>: CA identifier, an unsigned character ranging from 0 to 255. Usually, the value is set to <strong id="dns_usermanual_0014__dns_usermanual_0601_b171541818521">0</strong>.</li><li id="dns_usermanual_0014__dns_usermanual_0601_li1649132215511"><strong id="dns_usermanual_0014__dns_usermanual_0601_b431716191229">tag</strong>: You can enter 1 to 15 characters, consisting of letters and digits from 0 to 9. The tag can be one of the following:<ul id="dns_usermanual_0014__dns_usermanual_0601_ul359754482613"><li id="dns_usermanual_0014__dns_usermanual_0601_li959784482616"><strong id="dns_usermanual_0014__dns_usermanual_0601_b84235270695322">issue</strong>: authorizes a CA to issue all types of certificates.</li><li id="dns_usermanual_0014__dns_usermanual_0601_li959734418266"><strong id="dns_usermanual_0014__dns_usermanual_0601_b84235270695328">issuewild</strong>: authorizes a CA to issue wildcard certificates.</li><li id="dns_usermanual_0014__dns_usermanual_0601_li7597114418262"><strong id="dns_usermanual_0014__dns_usermanual_0601_b84235270695332">iodef</strong>: requests notifications once a CA receives invalid certificate requests.</li></ul>
</li><li id="dns_usermanual_0014__dns_usermanual_0601_li124587266518"><strong id="dns_usermanual_0014__dns_usermanual_0601_b614322516212">value</strong>: authorized CA or email address/URL required for notification once the CA receives invalid certificate requests. The value depends on the value of <strong id="dns_usermanual_0014__dns_usermanual_0601_b1687514593274">tag</strong> and must be enclosed in quotation marks (""). The value can contain a maximum of 255 characters, consisting of letters, digits, spaces, and special characters -#*?&amp;_~=:;.@+^/!%</li></ul>
</td>
<td class="cellrowborder" valign="top" width="22%" headers="mcps1.3.3.3.1.2.2.4.1.3 "><p id="dns_usermanual_0014__p9310164811125">0 issue "ca.abc.com"</p>
<p id="dns_usermanual_0014__p183101948161220">0 issuewild "ca.def.com"</p>
<p id="dns_usermanual_0014__p831014831214">0 iodef "mailto:admin@domain.com"</p>
<p id="dns_usermanual_0014__p143101248181211">0 iodef "http://domain.com/log/"</p>
</td>
</tr>
<tr id="dns_usermanual_0014__row1844134819292"><td class="cellrowborder" valign="top" width="16%" headers="mcps1.3.3.3.1.2.2.4.1.1 "><p id="dns_usermanual_0014__p1481158112914">Tag</p>
</td>
<td class="cellrowborder" valign="top" width="62%" headers="mcps1.3.3.3.1.2.2.4.1.2 "><p id="dns_usermanual_0014__p1414134716167">(Optional) Identifier of a record set. Each tag contains a key and a value. You can add a maximum of 20 tags to a record set.</p>
<p id="dns_usermanual_0014__p1849145832914">For details about tag key and value requirements, see <a href="#dns_usermanual_0014__table191971158112315">Table 2</a>.</p>
</td>
<td class="cellrowborder" valign="top" width="22%" headers="mcps1.3.3.3.1.2.2.4.1.3 "><p id="dns_usermanual_0014__p205017586294">example_key1</p>
<p id="dns_usermanual_0014__p11507158172920">example_value1</p>
</td>
</tr>
<tr id="dns_usermanual_0014__row179379378281"><td class="cellrowborder" valign="top" width="16%" headers="mcps1.3.3.3.1.2.2.4.1.1 "><p id="dns_usermanual_0014__p094143782818">Description</p>
</td>
<td class="cellrowborder" valign="top" width="62%" headers="mcps1.3.3.3.1.2.2.4.1.2 "><p id="dns_usermanual_0014__p1143782915343">(Optional) Supplementary information about the record set.</p>
<p id="dns_usermanual_0014__p17140145133253">You can enter a maximum of 255 characters.</p>
</td>
<td class="cellrowborder" valign="top" width="22%" headers="mcps1.3.3.3.1.2.2.4.1.3 "><p id="dns_usermanual_0014__p8951437162817">-</p>
</td>
</tr>
</tbody>
</table>
</div>
<div class="tablenoborder"><a name="dns_usermanual_0014__table191971158112315"></a><a name="table191971158112315"></a><table cellpadding="4" cellspacing="0" summary="" id="dns_usermanual_0014__table191971158112315" frame="border" border="1" rules="all"><caption><b>Table 2 </b>Tag key and value requirements</caption><thead align="left"><tr id="dns_usermanual_0014__dns_usermanual_0007_r4f5fd2fecc60424eb20075f35572eeb0"><th align="left" class="cellrowborder" valign="top" width="16%" id="mcps1.3.3.3.1.3.2.4.1.1"><p id="dns_usermanual_0014__dns_usermanual_0007_en-us_topic_0035467699_p132908358173"><strong id="dns_usermanual_0014__dns_usermanual_0007_b20351137152119">Parameter</strong></p>
</th>
<th align="left" class="cellrowborder" valign="top" width="62%" id="mcps1.3.3.3.1.3.2.4.1.2"><p id="dns_usermanual_0014__dns_usermanual_0007_aa34a0c0cbae34a23b63e1882cf4a2c91"><strong id="dns_usermanual_0014__dns_usermanual_0007_b842352706171418">Requirements</strong></p>
</th>
<th align="left" class="cellrowborder" valign="top" width="22%" id="mcps1.3.3.3.1.3.2.4.1.3"><p id="dns_usermanual_0014__dns_usermanual_0007_aece629313e384a698796b7aff7821561">Example Value</p>
</th>
</tr>
</thead>
<tbody><tr id="dns_usermanual_0014__dns_usermanual_0007_rbb2718429c5141319dde3ac939f97ba9"><td class="cellrowborder" valign="top" width="16%" headers="mcps1.3.3.3.1.3.2.4.1.1 "><p id="dns_usermanual_0014__dns_usermanual_0007_ae8044150f5804b42bd8632ccced6b72a">Key</p>
</td>
<td class="cellrowborder" valign="top" width="62%" headers="mcps1.3.3.3.1.3.2.4.1.2 "><ul id="dns_usermanual_0014__dns_usermanual_0007_en-us_topic_0035467699_ul46253231183"><li id="dns_usermanual_0014__dns_usermanual_0007_ld4d43cb49f93464d9789eac5bd9e5f36">Cannot be left blank.</li><li id="dns_usermanual_0014__dns_usermanual_0007_ldcb5af7969f74a64877bb92ab6cd0a40">Must be unique for each resource.</li><li id="dns_usermanual_0014__dns_usermanual_0007_lf50b032d8e2640b4a6c1d5658daa90cf">Can contain a maximum of 36 characters.</li><li id="dns_usermanual_0014__dns_usermanual_0007_l9766567c2b2a4e2c9075dd7ae564e97b">Can contain only letters, digits, hyphens (-), at signs (@), and underscores (_).</li></ul>
</td>
<td class="cellrowborder" valign="top" width="22%" headers="mcps1.3.3.3.1.3.2.4.1.3 "><p id="dns_usermanual_0014__dns_usermanual_0007_a6535efd5b28a446992be7db56bdbca33">example_key1</p>
</td>
</tr>
<tr id="dns_usermanual_0014__dns_usermanual_0007_r89eaf5034c26447c8057d051da26301c"><td class="cellrowborder" valign="top" width="16%" headers="mcps1.3.3.3.1.3.2.4.1.1 "><p id="dns_usermanual_0014__dns_usermanual_0007_afc435752da464fffb58242f1410f227f">Value</p>
</td>
<td class="cellrowborder" valign="top" width="62%" headers="mcps1.3.3.3.1.3.2.4.1.2 "><ul id="dns_usermanual_0014__dns_usermanual_0007_u388a9174749341a8a916b0093d32bc13"><li id="dns_usermanual_0014__dns_usermanual_0007_ld458706cbafd443eac83d3581f41a26e">Cannot be left blank.</li><li id="dns_usermanual_0014__dns_usermanual_0007_l868cdcac8a1341fbaf4d2d69a2f57349">Can contain a maximum of 43 characters.</li><li id="dns_usermanual_0014__dns_usermanual_0007_l9c52621309254b4b85042a22354a1195">Can contain only letters, digits, hyphens (-), at signs (@), and underscores (_).</li></ul>
</td>
<td class="cellrowborder" valign="top" width="22%" headers="mcps1.3.3.3.1.3.2.4.1.3 "><p id="dns_usermanual_0014__dns_usermanual_0007_en-us_topic_0035467699_p62904352179">example_value1</p>
</td>
</tr>
</tbody>
</table>
</div>
</li><li id="dns_usermanual_0014__en-us_topic_0035467699_li4923490010251">Switch back to the <strong id="dns_usermanual_0014__dns_qs_0006_b196595717358">Record Sets</strong> tab.<p id="dns_usermanual_0014__dns_qs_0006_p121601730152714">The added record set is in the <strong id="dns_usermanual_0014__dns_qs_0006_b199714292810473">Normal</strong> state.</p>
</li></ol>
</div>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="dns_usermanual_0006.html">Adding Record Sets</a></div>
</div>
</div>