Bicep resource definition
The dnsZones/CAA resource type can be deployed with operations that target:
For a list of changed properties in each API version, see change log.
To create a Microsoft.Network/dnsZones/CAA resource, add the following Bicep to your template.
resource symbolicname 'Microsoft.Network/dnsZones/CAA@2023-07-01-preview' = {
  parent: resourceSymbolicName
  etag: 'string'
  name: 'string'
  properties: {
    AAAARecords: [
      {
        ipv6Address: 'string'
      }
    ]
    ARecords: [
      {
        ipv4Address: 'string'
      }
    ]
    caaRecords: [
      {
        flags: int
        tag: 'string'
        value: 'string'
      }
    ]
    CNAMERecord: {
      cname: 'string'
    }
    DSRecords: [
      {
        algorithm: int
        digest: {
          algorithmType: int
          value: 'string'
        }
        keyTag: int
      }
    ]
    metadata: {
      {customized property}: 'string'
    }
    MXRecords: [
      {
        exchange: 'string'
        preference: int
      }
    ]
    NAPTRRecords: [
      {
        flags: 'string'
        order: int
        preference: int
        regexp: 'string'
        replacement: 'string'
        services: 'string'
      }
    ]
    NSRecords: [
      {
        nsdname: 'string'
      }
    ]
    PTRRecords: [
      {
        ptrdname: 'string'
      }
    ]
    SOARecord: {
      email: 'string'
      expireTime: int
      host: 'string'
      minimumTTL: int
      refreshTime: int
      retryTime: int
      serialNumber: int
    }
    SRVRecords: [
      {
        port: int
        priority: int
        target: 'string'
        weight: int
      }
    ]
    targetResource: {
      id: 'string'
    }
    TLSARecords: [
      {
        certAssociationData: 'string'
        matchingType: int
        selector: int
        usage: int
      }
    ]
    trafficManagementProfile: {
      id: 'string'
    }
    TTL: int
    TXTRecords: [
      {
        value: [
          'string'
        ]
      }
    ]
  }
}
Property Values
Microsoft.Network/dnsZones/CAA
| Name | Description | Value | 
| etag | The etag of the record set. | string | 
| name | The resource name | string (required) | 
| parent | In Bicep, you can specify the parent resource for a child resource. You only need to add this property when the child resource is declared outside of the parent resource. For more information, see Child resource outside parent resource. | Symbolic name for resource of type: dnsZones | 
| properties | The properties of the record set. | RecordSetProperties | 
AaaaRecord
| Name | Description | Value | 
| ipv6Address | The IPv6 address of this AAAA record. | string | 
ARecord
| Name | Description | Value | 
| ipv4Address | The IPv4 address of this A record. | string | 
CaaRecord
| Name | Description | Value | 
| flags | The flags for this CAA record as an integer between 0 and 255. | int | 
| tag | The tag for this CAA record. | string | 
| value | The value for this CAA record. | string | 
CnameRecord
| Name | Description | Value | 
| cname | The canonical name for this CNAME record. | string | 
Digest
| Name | Description | Value | 
| algorithmType | The digest algorithm type represents the standard digest algorithm number used to construct the digest. See: https://www.iana.org/assignments/ds-rr-types/ds-rr-types.xhtml | int | 
| value | The digest value is a cryptographic hash value of the referenced DNSKEY Resource Record. | string | 
DsRecord
MxRecord
| Name | Description | Value | 
| exchange | The domain name of the mail host for this MX record. | string | 
| preference | The preference value for this MX record. | int | 
NaptrRecord
| Name | Description | Value | 
| flags | The flags specific to DDDS applications. Values currently defined in RFC 3404 are uppercase and lowercase letters "A", "P", "S", and "U", and the empty string, "". Enclose Flags in quotation marks. | string | 
| order | The order in which the NAPTR records MUST be processed in order to accurately represent the ordered list of rules. The ordering is from lowest to highest. Valid values: 0-65535. | int | 
| preference | The preference specifies the order in which NAPTR records with equal 'order' values should be processed, low numbers being processed before high numbers. Valid values: 0-65535. | int | 
| regexp | The regular expression that the DDDS application uses to convert an input value into an output value. For example: an IP phone system might use a regular expression to convert a phone number that is entered by a user into a SIP URI. Enclose the regular expression in quotation marks. Specify either a value for 'regexp' or a value for 'replacement'. | string | 
| replacement | The replacement is a fully qualified domain name (FQDN) of the next domain name that you want the DDDS application to submit a DNS query for. The DDDS application replaces the input value with the value specified for replacement. Specify either a value for 'regexp' or a value for 'replacement'. If you specify a value for 'regexp', specify a dot (.) for 'replacement'. | string | 
| services | The services specific to DDDS applications. Enclose Services in quotation marks. | string | 
NsRecord
| Name | Description | Value | 
| nsdname | The name server name for this NS record. | string | 
PtrRecord
| Name | Description | Value | 
| ptrdname | The PTR target domain name for this PTR record. | string | 
RecordSetProperties
| Name | Description | Value | 
| AAAARecords | The list of AAAA records in the record set. | AaaaRecord[] | 
| ARecords | The list of A records in the record set. | ARecord[] | 
| caaRecords | The list of CAA records in the record set. | CaaRecord[] | 
| CNAMERecord | The CNAME record in the record set. | CnameRecord | 
| DSRecords | The list of DS records in the record set. | DsRecord[] | 
| metadata | The metadata attached to the record set. | RecordSetPropertiesMetadata | 
| MXRecords | The list of MX records in the record set. | MxRecord[] | 
| NAPTRRecords | The list of NAPTR records in the record set. | NaptrRecord[] | 
| NSRecords | The list of NS records in the record set. | NsRecord[] | 
| PTRRecords | The list of PTR records in the record set. | PtrRecord[] | 
| SOARecord | The SOA record in the record set. | SoaRecord | 
| SRVRecords | The list of SRV records in the record set. | SrvRecord[] | 
| targetResource | A reference to an Azure resource from which the DNS resource value is taken. | SubResource | 
| TLSARecords | The list of TLSA records in the record set. | TlsaRecord[] | 
| trafficManagementProfile | A reference to an Azure Traffic Manager profile resource from which the DNS resource value is taken. | SubResource | 
| TTL | The TTL (time-to-live) of the records in the record set. | int | 
| TXTRecords | The list of TXT records in the record set. | TxtRecord[] | 
SoaRecord
| Name | Description | Value | 
| email | The email contact for this SOA record. | string | 
| expireTime | The expire time for this SOA record. | int | 
| host | The domain name of the authoritative name server for this SOA record. | string | 
| minimumTTL | The minimum value for this SOA record. By convention this is used to determine the negative caching duration. | int | 
| refreshTime | The refresh value for this SOA record. | int | 
| retryTime | The retry time for this SOA record. | int | 
| serialNumber | The serial number for this SOA record. | int | 
SrvRecord
| Name | Description | Value | 
| port | The port value for this SRV record. | int | 
| priority | The priority value for this SRV record. | int | 
| target | The target domain name for this SRV record. | string | 
| weight | The weight value for this SRV record. | int | 
SubResource
| Name | Description | Value | 
| id | Resource Id. | string | 
TlsaRecord
| Name | Description | Value | 
| certAssociationData | This specifies the certificate association data to be matched. | string | 
| matchingType | The matching type specifies how the certificate association is presented. | int | 
| selector | The selector specifies which part of the TLS certificate presented by the server will be matched against the association data. | int | 
| usage | The usage specifies the provided association that will be used to match the certificate presented in the TLS handshake. | int | 
TxtRecord
| Name | Description | Value | 
| value | The text value of this TXT record. | string[] | 
 
ARM template resource definition
The dnsZones/CAA resource type can be deployed with operations that target:
For a list of changed properties in each API version, see change log.
To create a Microsoft.Network/dnsZones/CAA resource, add the following JSON to your template.
{
  "type": "Microsoft.Network/dnsZones/CAA",
  "apiVersion": "2023-07-01-preview",
  "name": "string",
  "etag": "string",
  "properties": {
    "AAAARecords": [
      {
        "ipv6Address": "string"
      }
    ],
    "ARecords": [
      {
        "ipv4Address": "string"
      }
    ],
    "caaRecords": [
      {
        "flags": "int",
        "tag": "string",
        "value": "string"
      }
    ],
    "CNAMERecord": {
      "cname": "string"
    },
    "DSRecords": [
      {
        "algorithm": "int",
        "digest": {
          "algorithmType": "int",
          "value": "string"
        },
        "keyTag": "int"
      }
    ],
    "metadata": {
      "{customized property}": "string"
    },
    "MXRecords": [
      {
        "exchange": "string",
        "preference": "int"
      }
    ],
    "NAPTRRecords": [
      {
        "flags": "string",
        "order": "int",
        "preference": "int",
        "regexp": "string",
        "replacement": "string",
        "services": "string"
      }
    ],
    "NSRecords": [
      {
        "nsdname": "string"
      }
    ],
    "PTRRecords": [
      {
        "ptrdname": "string"
      }
    ],
    "SOARecord": {
      "email": "string",
      "expireTime": "int",
      "host": "string",
      "minimumTTL": "int",
      "refreshTime": "int",
      "retryTime": "int",
      "serialNumber": "int"
    },
    "SRVRecords": [
      {
        "port": "int",
        "priority": "int",
        "target": "string",
        "weight": "int"
      }
    ],
    "targetResource": {
      "id": "string"
    },
    "TLSARecords": [
      {
        "certAssociationData": "string",
        "matchingType": "int",
        "selector": "int",
        "usage": "int"
      }
    ],
    "trafficManagementProfile": {
      "id": "string"
    },
    "TTL": "int",
    "TXTRecords": [
      {
        "value": [ "string" ]
      }
    ]
  }
}
Property Values
Microsoft.Network/dnsZones/CAA
| Name | Description | Value | 
| apiVersion | The api version | '2023-07-01-preview' | 
| etag | The etag of the record set. | string | 
| name | The resource name | string (required) | 
| properties | The properties of the record set. | RecordSetProperties | 
| type | The resource type | 'Microsoft.Network/dnsZones/CAA' | 
AaaaRecord
| Name | Description | Value | 
| ipv6Address | The IPv6 address of this AAAA record. | string | 
ARecord
| Name | Description | Value | 
| ipv4Address | The IPv4 address of this A record. | string | 
CaaRecord
| Name | Description | Value | 
| flags | The flags for this CAA record as an integer between 0 and 255. | int | 
| tag | The tag for this CAA record. | string | 
| value | The value for this CAA record. | string | 
CnameRecord
| Name | Description | Value | 
| cname | The canonical name for this CNAME record. | string | 
Digest
| Name | Description | Value | 
| algorithmType | The digest algorithm type represents the standard digest algorithm number used to construct the digest. See: https://www.iana.org/assignments/ds-rr-types/ds-rr-types.xhtml | int | 
| value | The digest value is a cryptographic hash value of the referenced DNSKEY Resource Record. | string | 
DsRecord
MxRecord
| Name | Description | Value | 
| exchange | The domain name of the mail host for this MX record. | string | 
| preference | The preference value for this MX record. | int | 
NaptrRecord
| Name | Description | Value | 
| flags | The flags specific to DDDS applications. Values currently defined in RFC 3404 are uppercase and lowercase letters "A", "P", "S", and "U", and the empty string, "". Enclose Flags in quotation marks. | string | 
| order | The order in which the NAPTR records MUST be processed in order to accurately represent the ordered list of rules. The ordering is from lowest to highest. Valid values: 0-65535. | int | 
| preference | The preference specifies the order in which NAPTR records with equal 'order' values should be processed, low numbers being processed before high numbers. Valid values: 0-65535. | int | 
| regexp | The regular expression that the DDDS application uses to convert an input value into an output value. For example: an IP phone system might use a regular expression to convert a phone number that is entered by a user into a SIP URI. Enclose the regular expression in quotation marks. Specify either a value for 'regexp' or a value for 'replacement'. | string | 
| replacement | The replacement is a fully qualified domain name (FQDN) of the next domain name that you want the DDDS application to submit a DNS query for. The DDDS application replaces the input value with the value specified for replacement. Specify either a value for 'regexp' or a value for 'replacement'. If you specify a value for 'regexp', specify a dot (.) for 'replacement'. | string | 
| services | The services specific to DDDS applications. Enclose Services in quotation marks. | string | 
NsRecord
| Name | Description | Value | 
| nsdname | The name server name for this NS record. | string | 
PtrRecord
| Name | Description | Value | 
| ptrdname | The PTR target domain name for this PTR record. | string | 
RecordSetProperties
| Name | Description | Value | 
| AAAARecords | The list of AAAA records in the record set. | AaaaRecord[] | 
| ARecords | The list of A records in the record set. | ARecord[] | 
| caaRecords | The list of CAA records in the record set. | CaaRecord[] | 
| CNAMERecord | The CNAME record in the record set. | CnameRecord | 
| DSRecords | The list of DS records in the record set. | DsRecord[] | 
| metadata | The metadata attached to the record set. | RecordSetPropertiesMetadata | 
| MXRecords | The list of MX records in the record set. | MxRecord[] | 
| NAPTRRecords | The list of NAPTR records in the record set. | NaptrRecord[] | 
| NSRecords | The list of NS records in the record set. | NsRecord[] | 
| PTRRecords | The list of PTR records in the record set. | PtrRecord[] | 
| SOARecord | The SOA record in the record set. | SoaRecord | 
| SRVRecords | The list of SRV records in the record set. | SrvRecord[] | 
| targetResource | A reference to an Azure resource from which the DNS resource value is taken. | SubResource | 
| TLSARecords | The list of TLSA records in the record set. | TlsaRecord[] | 
| trafficManagementProfile | A reference to an Azure Traffic Manager profile resource from which the DNS resource value is taken. | SubResource | 
| TTL | The TTL (time-to-live) of the records in the record set. | int | 
| TXTRecords | The list of TXT records in the record set. | TxtRecord[] | 
SoaRecord
| Name | Description | Value | 
| email | The email contact for this SOA record. | string | 
| expireTime | The expire time for this SOA record. | int | 
| host | The domain name of the authoritative name server for this SOA record. | string | 
| minimumTTL | The minimum value for this SOA record. By convention this is used to determine the negative caching duration. | int | 
| refreshTime | The refresh value for this SOA record. | int | 
| retryTime | The retry time for this SOA record. | int | 
| serialNumber | The serial number for this SOA record. | int | 
SrvRecord
| Name | Description | Value | 
| port | The port value for this SRV record. | int | 
| priority | The priority value for this SRV record. | int | 
| target | The target domain name for this SRV record. | string | 
| weight | The weight value for this SRV record. | int | 
SubResource
| Name | Description | Value | 
| id | Resource Id. | string | 
TlsaRecord
| Name | Description | Value | 
| certAssociationData | This specifies the certificate association data to be matched. | string | 
| matchingType | The matching type specifies how the certificate association is presented. | int | 
| selector | The selector specifies which part of the TLS certificate presented by the server will be matched against the association data. | int | 
| usage | The usage specifies the provided association that will be used to match the certificate presented in the TLS handshake. | int | 
TxtRecord
| Name | Description | Value | 
| value | The text value of this TXT record. | string[] | 
Terraform (AzAPI provider) resource definition
The dnsZones/CAA resource type can be deployed with operations that target:
For a list of changed properties in each API version, see change log.
To create a Microsoft.Network/dnsZones/CAA resource, add the following Terraform to your template.
resource "azapi_resource" "symbolicname" {
  type = "Microsoft.Network/dnsZones/CAA@2023-07-01-preview"
  name = "string"
  parent_id = "string"
  body = {
    etag = "string"
    properties = {
      AAAARecords = [
        {
          ipv6Address = "string"
        }
      ]
      ARecords = [
        {
          ipv4Address = "string"
        }
      ]
      caaRecords = [
        {
          flags = int
          tag = "string"
          value = "string"
        }
      ]
      CNAMERecord = {
        cname = "string"
      }
      DSRecords = [
        {
          algorithm = int
          digest = {
            algorithmType = int
            value = "string"
          }
          keyTag = int
        }
      ]
      metadata = {
        {customized property} = "string"
      }
      MXRecords = [
        {
          exchange = "string"
          preference = int
        }
      ]
      NAPTRRecords = [
        {
          flags = "string"
          order = int
          preference = int
          regexp = "string"
          replacement = "string"
          services = "string"
        }
      ]
      NSRecords = [
        {
          nsdname = "string"
        }
      ]
      PTRRecords = [
        {
          ptrdname = "string"
        }
      ]
      SOARecord = {
        email = "string"
        expireTime = int
        host = "string"
        minimumTTL = int
        refreshTime = int
        retryTime = int
        serialNumber = int
      }
      SRVRecords = [
        {
          port = int
          priority = int
          target = "string"
          weight = int
        }
      ]
      targetResource = {
        id = "string"
      }
      TLSARecords = [
        {
          certAssociationData = "string"
          matchingType = int
          selector = int
          usage = int
        }
      ]
      trafficManagementProfile = {
        id = "string"
      }
      TTL = int
      TXTRecords = [
        {
          value = [
            "string"
          ]
        }
      ]
    }
  }
}
Property Values
Microsoft.Network/dnsZones/CAA
| Name | Description | Value | 
| etag | The etag of the record set. | string | 
| name | The resource name | string (required) | 
| parent_id | The ID of the resource that is the parent for this resource. | ID for resource of type: dnsZones | 
| properties | The properties of the record set. | RecordSetProperties | 
| type | The resource type | "Microsoft.Network/dnsZones/CAA@2023-07-01-preview" | 
AaaaRecord
| Name | Description | Value | 
| ipv6Address | The IPv6 address of this AAAA record. | string | 
ARecord
| Name | Description | Value | 
| ipv4Address | The IPv4 address of this A record. | string | 
CaaRecord
| Name | Description | Value | 
| flags | The flags for this CAA record as an integer between 0 and 255. | int | 
| tag | The tag for this CAA record. | string | 
| value | The value for this CAA record. | string | 
CnameRecord
| Name | Description | Value | 
| cname | The canonical name for this CNAME record. | string | 
Digest
| Name | Description | Value | 
| algorithmType | The digest algorithm type represents the standard digest algorithm number used to construct the digest. See: https://www.iana.org/assignments/ds-rr-types/ds-rr-types.xhtml | int | 
| value | The digest value is a cryptographic hash value of the referenced DNSKEY Resource Record. | string | 
DsRecord
MxRecord
| Name | Description | Value | 
| exchange | The domain name of the mail host for this MX record. | string | 
| preference | The preference value for this MX record. | int | 
NaptrRecord
| Name | Description | Value | 
| flags | The flags specific to DDDS applications. Values currently defined in RFC 3404 are uppercase and lowercase letters "A", "P", "S", and "U", and the empty string, "". Enclose Flags in quotation marks. | string | 
| order | The order in which the NAPTR records MUST be processed in order to accurately represent the ordered list of rules. The ordering is from lowest to highest. Valid values: 0-65535. | int | 
| preference | The preference specifies the order in which NAPTR records with equal 'order' values should be processed, low numbers being processed before high numbers. Valid values: 0-65535. | int | 
| regexp | The regular expression that the DDDS application uses to convert an input value into an output value. For example: an IP phone system might use a regular expression to convert a phone number that is entered by a user into a SIP URI. Enclose the regular expression in quotation marks. Specify either a value for 'regexp' or a value for 'replacement'. | string | 
| replacement | The replacement is a fully qualified domain name (FQDN) of the next domain name that you want the DDDS application to submit a DNS query for. The DDDS application replaces the input value with the value specified for replacement. Specify either a value for 'regexp' or a value for 'replacement'. If you specify a value for 'regexp', specify a dot (.) for 'replacement'. | string | 
| services | The services specific to DDDS applications. Enclose Services in quotation marks. | string | 
NsRecord
| Name | Description | Value | 
| nsdname | The name server name for this NS record. | string | 
PtrRecord
| Name | Description | Value | 
| ptrdname | The PTR target domain name for this PTR record. | string | 
RecordSetProperties
| Name | Description | Value | 
| AAAARecords | The list of AAAA records in the record set. | AaaaRecord[] | 
| ARecords | The list of A records in the record set. | ARecord[] | 
| caaRecords | The list of CAA records in the record set. | CaaRecord[] | 
| CNAMERecord | The CNAME record in the record set. | CnameRecord | 
| DSRecords | The list of DS records in the record set. | DsRecord[] | 
| metadata | The metadata attached to the record set. | RecordSetPropertiesMetadata | 
| MXRecords | The list of MX records in the record set. | MxRecord[] | 
| NAPTRRecords | The list of NAPTR records in the record set. | NaptrRecord[] | 
| NSRecords | The list of NS records in the record set. | NsRecord[] | 
| PTRRecords | The list of PTR records in the record set. | PtrRecord[] | 
| SOARecord | The SOA record in the record set. | SoaRecord | 
| SRVRecords | The list of SRV records in the record set. | SrvRecord[] | 
| targetResource | A reference to an Azure resource from which the DNS resource value is taken. | SubResource | 
| TLSARecords | The list of TLSA records in the record set. | TlsaRecord[] | 
| trafficManagementProfile | A reference to an Azure Traffic Manager profile resource from which the DNS resource value is taken. | SubResource | 
| TTL | The TTL (time-to-live) of the records in the record set. | int | 
| TXTRecords | The list of TXT records in the record set. | TxtRecord[] | 
SoaRecord
| Name | Description | Value | 
| email | The email contact for this SOA record. | string | 
| expireTime | The expire time for this SOA record. | int | 
| host | The domain name of the authoritative name server for this SOA record. | string | 
| minimumTTL | The minimum value for this SOA record. By convention this is used to determine the negative caching duration. | int | 
| refreshTime | The refresh value for this SOA record. | int | 
| retryTime | The retry time for this SOA record. | int | 
| serialNumber | The serial number for this SOA record. | int | 
SrvRecord
| Name | Description | Value | 
| port | The port value for this SRV record. | int | 
| priority | The priority value for this SRV record. | int | 
| target | The target domain name for this SRV record. | string | 
| weight | The weight value for this SRV record. | int | 
SubResource
| Name | Description | Value | 
| id | Resource Id. | string | 
TlsaRecord
| Name | Description | Value | 
| certAssociationData | This specifies the certificate association data to be matched. | string | 
| matchingType | The matching type specifies how the certificate association is presented. | int | 
| selector | The selector specifies which part of the TLS certificate presented by the server will be matched against the association data. | int | 
| usage | The usage specifies the provided association that will be used to match the certificate presented in the TLS handshake. | int | 
TxtRecord
| Name | Description | Value | 
| value | The text value of this TXT record. | string[] | 
Usage Examples
A basic example of deploying DNS CAA Record.
terraform {
  required_providers {
    azapi = {
      source = "Azure/azapi"
    }
  }
}
provider "azapi" {
  skip_provider_registration = false
}
variable "resource_name" {
  type    = string
  default = "acctest0001"
}
variable "location" {
  type    = string
  default = "westeurope"
}
resource "azapi_resource" "resourceGroup" {
  type     = "Microsoft.Resources/resourceGroups@2020-06-01"
  name     = var.resource_name
  location = var.location
}
resource "azapi_resource" "dnsZone" {
  type                      = "Microsoft.Network/dnsZones@2018-05-01"
  parent_id                 = azapi_resource.resourceGroup.id
  name                      = "${var.resource_name}.com"
  location                  = "global"
  schema_validation_enabled = false
  response_export_values    = ["*"]
}
resource "azapi_resource" "CAA" {
  type      = "Microsoft.Network/dnsZones/CAA@2018-05-01"
  parent_id = azapi_resource.dnsZone.id
  name      = var.resource_name
  body = {
    properties = {
      TTL = 300
      caaRecords = [
        {
          flags = 1
          tag   = "issuewild"
          value = ";"
        },
        {
          flags = 0
          tag   = "iodef"
          value = "mailto:terraform@nonexist.tld"
        },
        {
          flags = 0
          tag   = "issue"
          value = "example.com"
        },
        {
          flags = 0
          tag   = "issue"
          value = "example.net"
        },
      ]
      metadata = {
      }
    }
  }
  schema_validation_enabled = false
  response_export_values    = ["*"]
}
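The check below is an added example, not part of the Azure reference or the AzAPI provider: it lints a `caaRecords` list before deployment and derives which CAs the record set permits, following RFC 8659. The function names are hypothetical and the sample input is constructed from the usage example above. Note that RFC 8659 numbers the flag bits from the most significant end, so the issuer-critical flag is the value 128, while `flags = 1` sets a reserved bit.

```python
"""Lint a dnsZones/CAA caaRecords list and derive its issuance policy (RFC 8659)."""

ISSUER_CRITICAL = 128  # bit 0 of the flags octet is the MOST significant bit
IODEF_SCHEMES = ("mailto:", "https:", "http:")

# Constructed sample: the caaRecords values from the usage example on this page.
SAMPLE_CAA_RECORDS = [
    {"flags": 1, "tag": "issuewild", "value": ";"},
    {"flags": 0, "tag": "iodef", "value": "mailto:terraform@nonexist.tld"},
    {"flags": 0, "tag": "issue", "value": "example.com"},
    {"flags": 0, "tag": "issue", "value": "example.net"},
]


def issuer_domain(value):
    """Issuer domain of an issue/issuewild value; '' means no issuer is named."""
    return value.split(";", 1)[0].strip().lower().rstrip(".")


def lint_caa(records):
    """Return a list of (index, message) findings for a caaRecords list."""
    findings = []
    for i, rec in enumerate(records):
        flags = rec.get("flags")
        tag = str(rec.get("tag", "")).lower()  # tags match case-insensitively
        value = str(rec.get("value", ""))
        if isinstance(flags, bool) or not isinstance(flags, int) or not 0 <= flags <= 255:
            findings.append((i, "flags must be an integer between 0 and 255"))
            continue
        if flags & ~ISSUER_CRITICAL:
            findings.append((i, f"flags={flags} sets reserved bits; issuer-critical is 128"))
        if tag == "iodef":
            if not value.lower().startswith(IODEF_SCHEMES):
                findings.append((i, "iodef value should be a mailto: or http(s): URL"))
        elif tag not in ("issue", "issuewild"):
            msg = f"tag {tag!r} is not issue, issuewild or iodef"
            if flags & ISSUER_CRITICAL:
                msg += "; it is critical, so a CA that does not know it must refuse to issue"
            findings.append((i, msg))
    return findings


def allowed_issuers(records, wildcard=False):
    """Issuer domains permitted by the record set, or None if CAA imposes no limit.

    For wildcard names, issuewild properties replace issue properties when any
    issuewild property is present; otherwise issue properties apply.
    """
    by_tag = {"issue": [], "issuewild": []}
    for rec in records:
        tag = str(rec.get("tag", "")).lower()
        if tag in by_tag:
            by_tag[tag].append(issuer_domain(str(rec.get("value", ""))))
    relevant = by_tag["issuewild"] if wildcard and by_tag["issuewild"] else by_tag["issue"]
    if not relevant:
        return None  # no applicable property: issuance is not restricted by CAA
    return sorted({d for d in relevant if d})  # an empty list means nobody may issue


if __name__ == "__main__":
    for index, message in lint_caa(SAMPLE_CAA_RECORDS):
        print(f"caaRecords[{index}]: {message}")
    print("non-wildcard issuers:", allowed_issuers(SAMPLE_CAA_RECORDS))
    print("wildcard issuers:", allowed_issuers(SAMPLE_CAA_RECORDS, wildcard=True))
```

Run against the sample, the lint reports only the `flags = 1` entry, and the derived policy shows two permitted issuers for ordinary names and none for wildcard names.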