doc-exports/docs/dns/umn/dns_usermanual_0014.html
Qin Ying, Fan 97832252bc DNS UMN 0930 version
Reviewed-by: Kucerak, Kristian <kristian.kucerak@t-systems.com>
Co-authored-by: Qin Ying, Fan <fanqinying@huawei.com>
Co-committed-by: Qin Ying, Fan <fanqinying@huawei.com>
2022-10-04 14:13:06 +00:00

<a name="dns_usermanual_0014"></a><a name="dns_usermanual_0014"></a>
<h1 class="topictitle1">Adding a CAA Record Set</h1>
<div id="body1548760902270"><div class="section" id="dns_usermanual_0014__section187281084528"><h4 class="sectiontitle"><strong id="dns_usermanual_0014__b1945914476554">Scenarios</strong></h4><p id="dns_usermanual_0014__p1849014481545">If you want to specify CAs authorized to issue HTTPS certificates for your domain name, add CAA record sets for the domain name.</p>
<p id="dns_usermanual_0014__p187571728174615">CAA record sets are used to prevent HTTPS certificates from being incorrectly issued.</p>
<p id="dns_usermanual_0014__p1032122565311">For details about other record set types, see <a href="dns_usermanual_0601.html">Record Set Types and Configuration Rules</a>.</p>
</div>
<div class="section" id="dns_usermanual_0014__section10284161715528"><h4 class="sectiontitle">Constraints</h4><p id="dns_usermanual_0014__p1382995310437">CAA record sets can be added only to public zones.</p>
</div>
<div class="section" id="dns_usermanual_0014__section6412174644120"><h4 class="sectiontitle"><strong id="dns_usermanual_0014__b133344357017">Procedure</strong></h4><ol id="dns_usermanual_0014__ol10399142539"><li id="dns_usermanual_0014__li351771565215">Log in to the management console.</li><li id="dns_usermanual_0014__li7436923155217">In the service list, choose <strong id="dns_usermanual_0014__dns_usermanual_0007_en-us_topic_0035467699_b253764512375">Network</strong> &gt; <strong id="dns_usermanual_0014__dns_usermanual_0007_en-us_topic_0035467699_b561505711379">Domain Name Service</strong>.<p id="dns_usermanual_0014__dns_usermanual_0007_en-us_topic_0035467699_en-us_topic_0035467699_p179595731633">The DNS console is displayed.</p>
</li></ol><ol start="3" id="dns_usermanual_0014__ol44805021215"><li id="dns_usermanual_0014__li61395879115716">In the navigation pane, choose <strong id="dns_usermanual_0014__dns_usermanual_0009_en-us_topic_0035467699_b29951815195912">Public Zones</strong>.<p id="dns_usermanual_0014__dns_usermanual_0009_en-us_topic_0035467699_en-us_topic_0035467699_p5173372716550">The <strong id="dns_usermanual_0014__dns_usermanual_0009_en-us_topic_0035467699_b84235270618511">Public Zones</strong> page is displayed.</p>
</li><li id="dns_usermanual_0014__li57832421115837">Click the zone name.</li><li id="dns_usermanual_0014__li184801011214">Click <strong id="dns_usermanual_0014__dns_usermanual_0007_b1360114185916">Add Record Set</strong>.<p id="dns_usermanual_0014__dns_usermanual_0007_a57041818ee3b4a18801b83932fce907b">The <strong id="dns_usermanual_0014__dns_usermanual_0007_b1260184125913">Add Record Set</strong> dialog box is displayed.</p>
</li></ol><ol start="6" id="dns_usermanual_0014__ol59320072113848"><li id="dns_usermanual_0014__li613684841277">Set required parameters based on <a href="#dns_usermanual_0014__table676063732817">Table 1</a>.
<div class="tablenoborder"><a name="dns_usermanual_0014__table676063732817"></a><a name="table676063732817"></a><table cellpadding="4" cellspacing="0" summary="" id="dns_usermanual_0014__table676063732817" frame="border" border="1" rules="all"><caption><b>Table 1 </b>Parameters for adding a CAA record set</caption><thead align="left"><tr id="dns_usermanual_0014__row5778037182810"><th align="left" class="cellrowborder" valign="top" width="16%" id="mcps1.3.3.4.1.2.2.4.1.1"><p id="dns_usermanual_0014__p7782133732811"><strong>Parameter</strong></p>
</th>
<th align="left" class="cellrowborder" valign="top" width="62%" id="mcps1.3.3.4.1.2.2.4.1.2"><p id="dns_usermanual_0014__p12788153715287"><strong>Description</strong></p>
</th>
<th align="left" class="cellrowborder" valign="top" width="22%" id="mcps1.3.3.4.1.2.2.4.1.3"><p id="dns_usermanual_0014__p15792153719289"><strong>Example Value</strong></p>
</th>
</tr>
</thead>
<tbody><tr id="dns_usermanual_0014__row207951137172810"><td class="cellrowborder" valign="top" width="16%" headers="mcps1.3.3.4.1.2.2.4.1.1 "><p id="dns_usermanual_0014__p8798203752820">Name</p>
</td>
<td class="cellrowborder" valign="top" width="62%" headers="mcps1.3.3.4.1.2.2.4.1.2 "><p id="dns_usermanual_0014__p498991411924">Prefix of the domain name to be resolved</p>
<p id="dns_usermanual_0014__p4490923311924">For example, if the zone name is <strong id="dns_usermanual_0014__dns_usermanual_0007_b10331683433">example.com</strong>, the domain name prefix can be as follows:</p>
<ul id="dns_usermanual_0014__ul62101617105015"><li id="dns_usermanual_0014__dns_usermanual_0007_li74912028142710"><strong id="dns_usermanual_0014__dns_usermanual_0007_b68691535154311">www</strong>: The domain name is www.example.com, which is usually used for a website.</li><li id="dns_usermanual_0014__dns_usermanual_0007_li7403112285516">Left blank: The domain name is example.com.<p id="dns_usermanual_0014__dns_usermanual_0007_p210152475518"><a name="dns_usermanual_0014__dns_usermanual_0007_li7403112285516"></a><a name="dns_usermanual_0007_li7403112285516"></a>In some cases, you may need to set the record set name to the at sign (@). However, the at sign is not supported. Leave the <strong id="dns_usermanual_0014__dns_usermanual_0007_b7945135343216">Name</strong> blank.</p>
</li><li id="dns_usermanual_0014__dns_usermanual_0007_li1749112284277"><strong id="dns_usermanual_0014__dns_usermanual_0007_b159141815184510">abc</strong>: The domain name is abc.example.com, a subdomain of example.com.</li><li id="dns_usermanual_0014__dns_usermanual_0007_li20491028142718"><strong id="dns_usermanual_0014__dns_usermanual_0007_b510014054612">mail</strong>: The domain name is mail.example.com, which is typically used for an email server.</li><li id="dns_usermanual_0014__dns_usermanual_0007_li184910286279"><strong id="dns_usermanual_0014__dns_usermanual_0007_b14337622174617">*</strong>: The domain name is *.example.com, which is a wildcard domain name, indicating all subdomains of example.com.</li></ul>
</td>
<td class="cellrowborder" valign="top" width="22%" headers="mcps1.3.3.4.1.2.2.4.1.3 "><p id="dns_usermanual_0014__p78160372285">Left blank</p>
</td>
</tr>
<tr id="dns_usermanual_0014__row13819837192816"><td class="cellrowborder" valign="top" width="16%" headers="mcps1.3.3.4.1.2.2.4.1.1 "><p id="dns_usermanual_0014__p982663713288">Type</p>
</td>
<td class="cellrowborder" valign="top" width="62%" headers="mcps1.3.3.4.1.2.2.4.1.2 "><p id="dns_usermanual_0014__p1383173742816">Type of the record set</p>
<p id="dns_usermanual_0014__p8911154710176">If a message is displayed indicating that the record set you are trying to create exists, the record set conflicts with an existing record set.</p>
</td>
<td class="cellrowborder" valign="top" width="22%" headers="mcps1.3.3.4.1.2.2.4.1.3 "><p id="dns_usermanual_0014__p7622132712445">CAA – Grant certificate issuing permissions to CAs</p>
</td>
</tr>
<tr id="dns_usermanual_0014__row3866173712813"><td class="cellrowborder" valign="top" width="16%" headers="mcps1.3.3.4.1.2.2.4.1.1 "><p id="dns_usermanual_0014__p9874163714287">TTL (s)</p>
</td>
<td class="cellrowborder" valign="top" width="62%" headers="mcps1.3.3.4.1.2.2.4.1.2 "><p id="dns_usermanual_0014__p5888275712739">Cache duration of the record set on a local DNS server, in seconds</p>
<p id="dns_usermanual_0014__p103873299529">The value ranges from <strong id="dns_usermanual_0014__dns_usermanual_0007_b12340162774812">1</strong> to <strong id="dns_usermanual_0014__dns_usermanual_0007_b8804142484815">2147483647</strong>, and the default is <strong id="dns_usermanual_0014__dns_usermanual_0007_b986894618157">300</strong>.</p>
<p id="dns_usermanual_0014__p7737113020523">If your service address changes frequently, set TTL to a smaller value.</p>
</td>
<td class="cellrowborder" valign="top" width="22%" headers="mcps1.3.3.4.1.2.2.4.1.3 "><p id="dns_usermanual_0014__p477403312739">The default value is <strong id="dns_usermanual_0014__dns_usermanual_0007_b13495124172916">300</strong>, that is, 5 minutes.</p>
</td>
</tr>
<tr id="dns_usermanual_0014__row9887737162813"><td class="cellrowborder" valign="top" width="16%" headers="mcps1.3.3.4.1.2.2.4.1.1 "><p id="dns_usermanual_0014__p689116371284">Value</p>
</td>
<td class="cellrowborder" valign="top" width="62%" headers="mcps1.3.3.4.1.2.2.4.1.2 "><p id="dns_usermanual_0014__p19128114815389">CA to be authorized to issue certificates for a domain name or its subdomains</p>
<p id="dns_usermanual_0014__p1372302745912">You can enter a maximum of 50 record values, each on a separate line.</p>
<p id="dns_usermanual_0014__p82361147105913">The format is <strong id="dns_usermanual_0014__dns_usermanual_0601_b14296101413215">[</strong><strong id="dns_usermanual_0014__dns_usermanual_0601_b1330716141026">flag</strong><strong id="dns_usermanual_0014__dns_usermanual_0601_b153084141922">] [tag] [value]</strong>.</p>
<p id="dns_usermanual_0014__p19865152383612">Configuration rules:</p>
<ul id="dns_usermanual_0014__ul4929101919515"><li id="dns_usermanual_0014__dns_usermanual_0601_li119293195518"><strong id="dns_usermanual_0014__dns_usermanual_0601_b84235270615756">flag</strong>: certificate authority (CA) identifier, which is an unsigned character ranging from 0 to 255. Usually, the value is set to <strong id="dns_usermanual_0014__dns_usermanual_0601_b171541818521">0</strong>.</li><li id="dns_usermanual_0014__dns_usermanual_0601_li1649132215511"><strong id="dns_usermanual_0014__dns_usermanual_0601_b431716191229">tag</strong>: a string of 1 to 15 characters composed of letters and digits from 0 to 9. The tag can be one of the following:<ul id="dns_usermanual_0014__dns_usermanual_0601_ul359754482613"><li id="dns_usermanual_0014__dns_usermanual_0601_li959784482616"><strong id="dns_usermanual_0014__dns_usermanual_0601_b84235270695322">issue</strong>: authorizes CAs to issue all types of certificates.</li><li id="dns_usermanual_0014__dns_usermanual_0601_li959734418266"><strong id="dns_usermanual_0014__dns_usermanual_0601_b84235270695328">issuewild</strong>: authorizes CAs to issue wildcard certificates.</li><li id="dns_usermanual_0014__dns_usermanual_0601_li7597114418262"><strong id="dns_usermanual_0014__dns_usermanual_0601_b84235270695332">iodef</strong>: requests notifications once CAs receive invalid certificate requests.</li></ul>
</li><li id="dns_usermanual_0014__dns_usermanual_0601_li124587266518"><strong id="dns_usermanual_0014__dns_usermanual_0601_b614322516212">value</strong>: authorized CA or email address/URL required for notification once the CA receives invalid certificate requests, depending on the value of <strong id="dns_usermanual_0014__dns_usermanual_0601_b81588258218">tag</strong>. The value must be enclosed in quotation marks (""). It is a string of 1 to 255 characters, including letters, digits, spaces, and special characters -#*?&amp;_~=:;.@+^/!%</li></ul>
</td>
<td class="cellrowborder" valign="top" width="22%" headers="mcps1.3.3.4.1.2.2.4.1.3 "><p id="dns_usermanual_0014__p9310164811125">0 issue "ca.abc.com"</p>
<p id="dns_usermanual_0014__p183101948161220">0 issuewild "ca.def.com"</p>
<p id="dns_usermanual_0014__p831014831214">0 iodef "mailto:admin@domain.com"</p>
<p id="dns_usermanual_0014__p143101248181211">0 iodef "http://domain.com/log/"</p>
</td>
</tr>
<tr id="dns_usermanual_0014__row1844134819292"><td class="cellrowborder" valign="top" width="16%" headers="mcps1.3.3.4.1.2.2.4.1.1 "><p id="dns_usermanual_0014__p1481158112914">Tags</p>
</td>
<td class="cellrowborder" valign="top" width="62%" headers="mcps1.3.3.4.1.2.2.4.1.2 "><p id="dns_usermanual_0014__p1414134716167">(Optional) Identifier of a resource</p>
<p id="dns_usermanual_0014__p1347513731813">Each tag contains a key and a value. You can add a maximum of 20 tags to a record set. This parameter is displayed when you enable <strong id="dns_usermanual_0014__dns_usermanual_0007_b1487533711226">Other Settings</strong>.</p>
<p id="dns_usermanual_0014__p1849145832914">For details about tag key and value requirements, see <a href="#dns_usermanual_0014__table191971158112315">Table 2</a>.</p>
</td>
<td class="cellrowborder" valign="top" width="22%" headers="mcps1.3.3.4.1.2.2.4.1.3 "><p id="dns_usermanual_0014__p205017586294">example_key1</p>
<p id="dns_usermanual_0014__p11507158172920">example_value1</p>
</td>
</tr>
<tr id="dns_usermanual_0014__row179379378281"><td class="cellrowborder" valign="top" width="16%" headers="mcps1.3.3.4.1.2.2.4.1.1 "><p id="dns_usermanual_0014__p094143782818">Description</p>
</td>
<td class="cellrowborder" valign="top" width="62%" headers="mcps1.3.3.4.1.2.2.4.1.2 "><p id="dns_usermanual_0014__p1143782915343">(Optional) Supplementary information about the record set</p>
<p id="dns_usermanual_0014__p17140145133253">You can enter a maximum of 255 characters.</p>
</td>
<td class="cellrowborder" valign="top" width="22%" headers="mcps1.3.3.4.1.2.2.4.1.3 "><p id="dns_usermanual_0014__p8951437162817">-</p>
</td>
</tr>
</tbody>
</table>
</div>
<div class="tablenoborder"><a name="dns_usermanual_0014__table191971158112315"></a><a name="table191971158112315"></a><table cellpadding="4" cellspacing="0" summary="" id="dns_usermanual_0014__table191971158112315" frame="border" border="1" rules="all"><caption><b>Table 2 </b>Tag key and value requirements</caption><thead align="left"><tr id="dns_usermanual_0014__dns_usermanual_0007_r4f5fd2fecc60424eb20075f35572eeb0"><th align="left" class="cellrowborder" valign="top" width="16%" id="mcps1.3.3.4.1.3.2.4.1.1"><p id="dns_usermanual_0014__dns_usermanual_0007_en-us_topic_0035467699_p132908358173"><strong>Parameter</strong></p>
</th>
<th align="left" class="cellrowborder" valign="top" width="62%" id="mcps1.3.3.4.1.3.2.4.1.2"><p id="dns_usermanual_0014__dns_usermanual_0007_aa34a0c0cbae34a23b63e1882cf4a2c91"><strong id="dns_usermanual_0014__dns_usermanual_0007_b842352706171418">Requirements</strong></p>
</th>
<th align="left" class="cellrowborder" valign="top" width="22%" id="mcps1.3.3.4.1.3.2.4.1.3"><p id="dns_usermanual_0014__dns_usermanual_0007_aece629313e384a698796b7aff7821561">Example Value</p>
</th>
</tr>
</thead>
<tbody><tr id="dns_usermanual_0014__dns_usermanual_0007_rbb2718429c5141319dde3ac939f97ba9"><td class="cellrowborder" valign="top" width="16%" headers="mcps1.3.3.4.1.3.2.4.1.1 "><p id="dns_usermanual_0014__dns_usermanual_0007_ae8044150f5804b42bd8632ccced6b72a">Key</p>
</td>
<td class="cellrowborder" valign="top" width="62%" headers="mcps1.3.3.4.1.3.2.4.1.2 "><ul id="dns_usermanual_0014__dns_usermanual_0007_en-us_topic_0035467699_ul46253231183"><li id="dns_usermanual_0014__dns_usermanual_0007_ld4d43cb49f93464d9789eac5bd9e5f36">Cannot be left blank.</li><li id="dns_usermanual_0014__dns_usermanual_0007_ldcb5af7969f74a64877bb92ab6cd0a40">Must be unique for each resource.</li><li id="dns_usermanual_0014__dns_usermanual_0007_lf50b032d8e2640b4a6c1d5658daa90cf">Can contain a maximum of 36 characters.</li></ul>
</td>
<td class="cellrowborder" valign="top" width="22%" headers="mcps1.3.3.4.1.3.2.4.1.3 "><p id="dns_usermanual_0014__dns_usermanual_0007_a6535efd5b28a446992be7db56bdbca33">example_key1</p>
</td>
</tr>
<tr id="dns_usermanual_0014__dns_usermanual_0007_r89eaf5034c26447c8057d051da26301c"><td class="cellrowborder" valign="top" width="16%" headers="mcps1.3.3.4.1.3.2.4.1.1 "><p id="dns_usermanual_0014__dns_usermanual_0007_afc435752da464fffb58242f1410f227f">Value</p>
</td>
<td class="cellrowborder" valign="top" width="62%" headers="mcps1.3.3.4.1.3.2.4.1.2 "><ul id="dns_usermanual_0014__dns_usermanual_0007_u388a9174749341a8a916b0093d32bc13"><li id="dns_usermanual_0014__dns_usermanual_0007_ld458706cbafd443eac83d3581f41a26e">Cannot be left blank.</li><li id="dns_usermanual_0014__dns_usermanual_0007_l868cdcac8a1341fbaf4d2d69a2f57349">Can contain a maximum of 43 characters.</li></ul>
</td>
<td class="cellrowborder" valign="top" width="22%" headers="mcps1.3.3.4.1.3.2.4.1.3 "><p id="dns_usermanual_0014__dns_usermanual_0007_en-us_topic_0035467699_p62904352179">example_value1</p>
</td>
</tr>
</tbody>
</table>
</div>
</li><li id="dns_usermanual_0014__li113036496294">Switch back to the <strong id="dns_usermanual_0014__dns_usermanual_0007_dns_qs_0006_b551763234215">Record Sets</strong> page.<p id="dns_usermanual_0014__dns_usermanual_0007_dns_qs_0006_p677473481417">View the added record set in the record set list of the zone and ensure that the status of the record set is <strong id="dns_usermanual_0014__dns_usermanual_0007_dns_qs_0006_b73956595510">Normal</strong>.</p>
</li></ol>
</div>
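<div class="section"><p>The following pre-check for the <strong>Value</strong> field is an added example, not part of the original manual or of the DNS service. It applies the format rules from Table 1 to each line before you paste the values into the console. The function names, the ASCII-only reading of "letters", and the iodef scheme and whitespace checks are assumptions of this example.</p>

```python
import re

MAX_VALUES = 50  # Table 1: at most 50 record values, one per line
KNOWN_TAGS = {"issue", "issuewild", "iodef"}
FLAG_RE = re.compile(r"[0-9]{1,3}")
TAG_RE = re.compile(r"[A-Za-z0-9]{1,15}")
# Table 1: letters, digits, spaces and the special characters -#*?&_~=:;.@+^/!%
VALUE_RE = re.compile(r"[A-Za-z0-9 \-#*?&_~=:;.@+^/!%]{1,255}")
LINE_RE = re.compile(r'(\S+)\s+(\S+)\s+"(.*)"')

def check_line(line):
    """Return the list of problems found in one 'flag tag "value"' line."""
    m = LINE_RE.fullmatch(line.strip())
    if not m:
        return ['expected: flag tag "value" (value in quotation marks)']
    flag, tag, value = m.groups()
    problems = []
    if not (FLAG_RE.fullmatch(flag) and int(flag) <= 255):
        problems.append("flag must be an integer from 0 to 255")
    if not TAG_RE.fullmatch(tag):
        problems.append("tag must be 1 to 15 letters or digits")
    elif tag.lower() not in KNOWN_TAGS:
        problems.append("tag is not issue, issuewild or iodef")
    if not VALUE_RE.fullmatch(value):
        problems.append("value must be 1 to 255 allowed characters")
    elif tag.lower() == "iodef":
        # Assumption of this example: iodef targets are mailto: or http(s) URLs.
        if not value.startswith(("mailto:", "http://", "https://")):
            problems.append("iodef value should be a mailto: or http(s) URL")
        elif " " in value:
            problems.append("iodef URL must not contain spaces")
    return problems

def check_record_set(text):
    """Return (line_number, problem) pairs; line 0 marks a set-level problem."""
    lines = [l for l in text.splitlines() if l.strip()]
    findings = [(n, p) for n, l in enumerate(lines, 1) for p in check_line(l)]
    if len(lines) > MAX_VALUES:
        findings.append((0, "more than 50 record values"))
    return findings

# Constructed sample: three valid lines followed by four invalid ones.
SAMPLE = '''0 issue "ca.abc.com"
0 issuewild "ca.def.com"
0 iodef "mailto:admin@domain.com"
0 iodef "http:// domain.com/log/"
256 issue "ca.abc.com"
0 issue ca.abc.com
0 issue-x "ca.abc.com"'''

if __name__ == "__main__":
    for line_no, problem in check_record_set(SAMPLE):
        print(f"line {line_no}: {problem}")
```

</div>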
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="dns_usermanual_0006.html">Adding Record Sets</a></div>
</div>
</div>