Share via


Microsoft.Network dnsZones/CAA 2023-07-01-preview

Bicep resource definition

The dnsZones/CAA resource type can be deployed with operations that target:

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.Network/dnsZones/CAA resource, add the following Bicep to your template.

resource symbolicname 'Microsoft.Network/dnsZones/CAA@2023-07-01-preview' = {
  parent: resourceSymbolicName
  etag: 'string'
  name: 'string'
  properties: {
    AAAARecords: [
      {
        ipv6Address: 'string'
      }
    ]
    ARecords: [
      {
        ipv4Address: 'string'
      }
    ]
    caaRecords: [
      {
        flags: int
        tag: 'string'
        value: 'string'
      }
    ]
    CNAMERecord: {
      cname: 'string'
    }
    DSRecords: [
      {
        algorithm: int
        digest: {
          algorithmType: int
          value: 'string'
        }
        keyTag: int
      }
    ]
    metadata: {
      {customized property}: 'string'
    }
    MXRecords: [
      {
        exchange: 'string'
        preference: int
      }
    ]
    NAPTRRecords: [
      {
        flags: 'string'
        order: int
        preference: int
        regexp: 'string'
        replacement: 'string'
        services: 'string'
      }
    ]
    NSRecords: [
      {
        nsdname: 'string'
      }
    ]
    PTRRecords: [
      {
        ptrdname: 'string'
      }
    ]
    SOARecord: {
      email: 'string'
      expireTime: int
      host: 'string'
      minimumTTL: int
      refreshTime: int
      retryTime: int
      serialNumber: int
    }
    SRVRecords: [
      {
        port: int
        priority: int
        target: 'string'
        weight: int
      }
    ]
    targetResource: {
      id: 'string'
    }
    TLSARecords: [
      {
        certAssociationData: 'string'
        matchingType: int
        selector: int
        usage: int
      }
    ]
    trafficManagementProfile: {
      id: 'string'
    }
    TTL: int
    TXTRecords: [
      {
        value: [
          'string'
        ]
      }
    ]
  }
}

Property Values

Microsoft.Network/dnsZones/CAA

Name Description Value
etag The etag of the record set. string
name The resource name string (required)
parent In Bicep, you can specify the parent resource for a child resource. You only need to add this property when the child resource is declared outside of the parent resource.

For more information, see Child resource outside parent resource.
Symbolic name for resource of type: dnsZones
properties The properties of the record set. RecordSetProperties

AaaaRecord

Name Description Value
ipv6Address The IPv6 address of this AAAA record. string

ARecord

Name Description Value
ipv4Address The IPv4 address of this A record. string

CaaRecord

Name Description Value
flags The flags for this CAA record as an integer between 0 and 255. int
tag The tag for this CAA record. string
value The value for this CAA record. string

CnameRecord

Name Description Value
cname The canonical name for this CNAME record. string

Digest

Name Description Value
algorithmType The digest algorithm type represents the standard digest algorithm number used to construct the digest. See: https://www.iana.org/assignments/ds-rr-types/ds-rr-types.xhtml int
value The digest value is a cryptographic hash value of the referenced DNSKEY Resource Record. string

DsRecord

Name Description Value
algorithm The security algorithm type represents the standard security algorithm number of the DNSKEY Resource Record. See: https://www.iana.org/assignments/dns-sec-alg-numbers/dns-sec-alg-numbers.xhtml int
digest The digest entity. Digest
keyTag The key tag value is used to determine which DNSKEY Resource Record is used for signature verification. int

MxRecord

Name Description Value
exchange The ___domain name of the mail host for this MX record. string
preference The preference value for this MX record. int

NaptrRecord

Name Description Value
flags The flags specific to DDDS applications. Values currently defined in RFC 3404 are uppercase and lowercase letters "A", "P", "S", and "U", and the empty string, "". Enclose Flags in quotation marks. string
order The order in which the NAPTR records MUST be processed in order to accurately represent the ordered list of rules. The ordering is from lowest to highest. Valid values: 0-65535. int
preference The preference specifies the order in which NAPTR records with equal 'order' values should be processed, low numbers being processed before high numbers. Valid values: 0-65535. int
regexp The regular expression that the DDDS application uses to convert an input value into an output value. For example: an IP phone system might use a regular expression to convert a phone number that is entered by a user into a SIP URI. Enclose the regular expression in quotation marks. Specify either a value for 'regexp' or a value for 'replacement'. string
replacement The replacement is a fully qualified ___domain name (FQDN) of the next ___domain name that you want the DDDS application to submit a DNS query for. The DDDS application replaces the input value with the value specified for replacement. Specify either a value for 'regexp' or a value for 'replacement'. If you specify a value for 'regexp', specify a dot (.) for 'replacement'. string
services The services specific to DDDS applications. Enclose Services in quotation marks. string

NsRecord

Name Description Value
nsdname The name server name for this NS record. string

PtrRecord

Name Description Value
ptrdname The PTR target ___domain name for this PTR record. string

RecordSetProperties

Name Description Value
AAAARecords The list of AAAA records in the record set. AaaaRecord[]
ARecords The list of A records in the record set. ARecord[]
caaRecords The list of CAA records in the record set. CaaRecord[]
CNAMERecord The CNAME record in the record set. CnameRecord
DSRecords The list of DS records in the record set. DsRecord[]
metadata The metadata attached to the record set. RecordSetPropertiesMetadata
MXRecords The list of MX records in the record set. MxRecord[]
NAPTRRecords The list of NAPTR records in the record set. NaptrRecord[]
NSRecords The list of NS records in the record set. NsRecord[]
PTRRecords The list of PTR records in the record set. PtrRecord[]
SOARecord The SOA record in the record set. SoaRecord
SRVRecords The list of SRV records in the record set. SrvRecord[]
targetResource A reference to an azure resource from where the dns resource value is taken. SubResource
TLSARecords The list of TLSA records in the record set. TlsaRecord[]
trafficManagementProfile A reference to an azure traffic manager profile resource from where the dns resource value is taken. SubResource
TTL The TTL (time-to-live) of the records in the record set. int
TXTRecords The list of TXT records in the record set. TxtRecord[]

RecordSetPropertiesMetadata

Name Description Value

SoaRecord

Name Description Value
email The email contact for this SOA record. string
expireTime The expire time for this SOA record. int
host The ___domain name of the authoritative name server for this SOA record. string
minimumTTL The minimum value for this SOA record. By convention this is used to determine the negative caching duration. int
refreshTime The refresh value for this SOA record. int
retryTime The retry time for this SOA record. int
serialNumber The serial number for this SOA record. int

SrvRecord

Name Description Value
port The port value for this SRV record. int
priority The priority value for this SRV record. int
target The target ___domain name for this SRV record. string
weight The weight value for this SRV record. int

SubResource

Name Description Value
id Resource Id. string

TlsaRecord

Name Description Value
certAssociationData This specifies the certificate association data to be matched. string
matchingType The matching type specifies how the certificate association is presented. int
selector The selector specifies which part of the TLS certificate presented by the server will be matched against the association data. int
usage The usage specifies the provided association that will be used to match the certificate presented in the TLS handshake. int

TxtRecord

Name Description Value
value The text value of this TXT record. string[]

ARM template resource definition

The dnsZones/CAA resource type can be deployed with operations that target:

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.Network/dnsZones/CAA resource, add the following JSON to your template.

{
  "type": "Microsoft.Network/dnsZones/CAA",
  "apiVersion": "2023-07-01-preview",
  "name": "string",
  "etag": "string",
  "properties": {
    "AAAARecords": [
      {
        "ipv6Address": "string"
      }
    ],
    "ARecords": [
      {
        "ipv4Address": "string"
      }
    ],
    "caaRecords": [
      {
        "flags": "int",
        "tag": "string",
        "value": "string"
      }
    ],
    "CNAMERecord": {
      "cname": "string"
    },
    "DSRecords": [
      {
        "algorithm": "int",
        "digest": {
          "algorithmType": "int",
          "value": "string"
        },
        "keyTag": "int"
      }
    ],
    "metadata": {
      "{customized property}": "string"
    },
    "MXRecords": [
      {
        "exchange": "string",
        "preference": "int"
      }
    ],
    "NAPTRRecords": [
      {
        "flags": "string",
        "order": "int",
        "preference": "int",
        "regexp": "string",
        "replacement": "string",
        "services": "string"
      }
    ],
    "NSRecords": [
      {
        "nsdname": "string"
      }
    ],
    "PTRRecords": [
      {
        "ptrdname": "string"
      }
    ],
    "SOARecord": {
      "email": "string",
      "expireTime": "int",
      "host": "string",
      "minimumTTL": "int",
      "refreshTime": "int",
      "retryTime": "int",
      "serialNumber": "int"
    },
    "SRVRecords": [
      {
        "port": "int",
        "priority": "int",
        "target": "string",
        "weight": "int"
      }
    ],
    "targetResource": {
      "id": "string"
    },
    "TLSARecords": [
      {
        "certAssociationData": "string",
        "matchingType": "int",
        "selector": "int",
        "usage": "int"
      }
    ],
    "trafficManagementProfile": {
      "id": "string"
    },
    "TTL": "int",
    "TXTRecords": [
      {
        "value": [ "string" ]
      }
    ]
  }
}

Property Values

Microsoft.Network/dnsZones/CAA

Name Description Value
apiVersion The api version '2023-07-01-preview'
etag The etag of the record set. string
name The resource name string (required)
properties The properties of the record set. RecordSetProperties
type The resource type 'Microsoft.Network/dnsZones/CAA'

AaaaRecord

Name Description Value
ipv6Address The IPv6 address of this AAAA record. string

ARecord

Name Description Value
ipv4Address The IPv4 address of this A record. string

CaaRecord

Name Description Value
flags The flags for this CAA record as an integer between 0 and 255. int
tag The tag for this CAA record. string
value The value for this CAA record. string

CnameRecord

Name Description Value
cname The canonical name for this CNAME record. string

Digest

Name Description Value
algorithmType The digest algorithm type represents the standard digest algorithm number used to construct the digest. See: https://www.iana.org/assignments/ds-rr-types/ds-rr-types.xhtml int
value The digest value is a cryptographic hash value of the referenced DNSKEY Resource Record. string

DsRecord

Name Description Value
algorithm The security algorithm type represents the standard security algorithm number of the DNSKEY Resource Record. See: https://www.iana.org/assignments/dns-sec-alg-numbers/dns-sec-alg-numbers.xhtml int
digest The digest entity. Digest
keyTag The key tag value is used to determine which DNSKEY Resource Record is used for signature verification. int

MxRecord

Name Description Value
exchange The ___domain name of the mail host for this MX record. string
preference The preference value for this MX record. int

NaptrRecord

Name Description Value
flags The flags specific to DDDS applications. Values currently defined in RFC 3404 are uppercase and lowercase letters "A", "P", "S", and "U", and the empty string, "". Enclose Flags in quotation marks. string
order The order in which the NAPTR records MUST be processed in order to accurately represent the ordered list of rules. The ordering is from lowest to highest. Valid values: 0-65535. int
preference The preference specifies the order in which NAPTR records with equal 'order' values should be processed, low numbers being processed before high numbers. Valid values: 0-65535. int
regexp The regular expression that the DDDS application uses to convert an input value into an output value. For example: an IP phone system might use a regular expression to convert a phone number that is entered by a user into a SIP URI. Enclose the regular expression in quotation marks. Specify either a value for 'regexp' or a value for 'replacement'. string
replacement The replacement is a fully qualified ___domain name (FQDN) of the next ___domain name that you want the DDDS application to submit a DNS query for. The DDDS application replaces the input value with the value specified for replacement. Specify either a value for 'regexp' or a value for 'replacement'. If you specify a value for 'regexp', specify a dot (.) for 'replacement'. string
services The services specific to DDDS applications. Enclose Services in quotation marks. string

NsRecord

Name Description Value
nsdname The name server name for this NS record. string

PtrRecord

Name Description Value
ptrdname The PTR target ___domain name for this PTR record. string

RecordSetProperties

Name Description Value
AAAARecords The list of AAAA records in the record set. AaaaRecord[]
ARecords The list of A records in the record set. ARecord[]
caaRecords The list of CAA records in the record set. CaaRecord[]
CNAMERecord The CNAME record in the record set. CnameRecord
DSRecords The list of DS records in the record set. DsRecord[]
metadata The metadata attached to the record set. RecordSetPropertiesMetadata
MXRecords The list of MX records in the record set. MxRecord[]
NAPTRRecords The list of NAPTR records in the record set. NaptrRecord[]
NSRecords The list of NS records in the record set. NsRecord[]
PTRRecords The list of PTR records in the record set. PtrRecord[]
SOARecord The SOA record in the record set. SoaRecord
SRVRecords The list of SRV records in the record set. SrvRecord[]
targetResource A reference to an azure resource from where the dns resource value is taken. SubResource
TLSARecords The list of TLSA records in the record set. TlsaRecord[]
trafficManagementProfile A reference to an azure traffic manager profile resource from where the dns resource value is taken. SubResource
TTL The TTL (time-to-live) of the records in the record set. int
TXTRecords The list of TXT records in the record set. TxtRecord[]

RecordSetPropertiesMetadata

Name Description Value

SoaRecord

Name Description Value
email The email contact for this SOA record. string
expireTime The expire time for this SOA record. int
host The ___domain name of the authoritative name server for this SOA record. string
minimumTTL The minimum value for this SOA record. By convention this is used to determine the negative caching duration. int
refreshTime The refresh value for this SOA record. int
retryTime The retry time for this SOA record. int
serialNumber The serial number for this SOA record. int

SrvRecord

Name Description Value
port The port value for this SRV record. int
priority The priority value for this SRV record. int
target The target ___domain name for this SRV record. string
weight The weight value for this SRV record. int

SubResource

Name Description Value
id Resource Id. string

TlsaRecord

Name Description Value
certAssociationData This specifies the certificate association data to be matched. string
matchingType The matching type specifies how the certificate association is presented. int
selector The selector specifies which part of the TLS certificate presented by the server will be matched against the association data. int
usage The usage specifies the provided association that will be used to match the certificate presented in the TLS handshake. int

TxtRecord

Name Description Value
value The text value of this TXT record. string[]

Usage Examples

Terraform (AzAPI provider) resource definition

The dnsZones/CAA resource type can be deployed with operations that target:

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.Network/dnsZones/CAA resource, add the following Terraform to your template.

resource "azapi_resource" "symbolicname" {
  type = "Microsoft.Network/dnsZones/CAA@2023-07-01-preview"
  name = "string"
  parent_id = "string"
  body = {
    etag = "string"
    properties = {
      AAAARecords = [
        {
          ipv6Address = "string"
        }
      ]
      ARecords = [
        {
          ipv4Address = "string"
        }
      ]
      caaRecords = [
        {
          flags = int
          tag = "string"
          value = "string"
        }
      ]
      CNAMERecord = {
        cname = "string"
      }
      DSRecords = [
        {
          algorithm = int
          digest = {
            algorithmType = int
            value = "string"
          }
          keyTag = int
        }
      ]
      metadata = {
        {customized property} = "string"
      }
      MXRecords = [
        {
          exchange = "string"
          preference = int
        }
      ]
      NAPTRRecords = [
        {
          flags = "string"
          order = int
          preference = int
          regexp = "string"
          replacement = "string"
          services = "string"
        }
      ]
      NSRecords = [
        {
          nsdname = "string"
        }
      ]
      PTRRecords = [
        {
          ptrdname = "string"
        }
      ]
      SOARecord = {
        email = "string"
        expireTime = int
        host = "string"
        minimumTTL = int
        refreshTime = int
        retryTime = int
        serialNumber = int
      }
      SRVRecords = [
        {
          port = int
          priority = int
          target = "string"
          weight = int
        }
      ]
      targetResource = {
        id = "string"
      }
      TLSARecords = [
        {
          certAssociationData = "string"
          matchingType = int
          selector = int
          usage = int
        }
      ]
      trafficManagementProfile = {
        id = "string"
      }
      TTL = int
      TXTRecords = [
        {
          value = [
            "string"
          ]
        }
      ]
    }
  }
}

Property Values

Microsoft.Network/dnsZones/CAA

Name Description Value
etag The etag of the record set. string
name The resource name string (required)
parent_id The ID of the resource that is the parent for this resource. ID for resource of type: dnsZones
properties The properties of the record set. RecordSetProperties
type The resource type "Microsoft.Network/dnsZones/CAA@2023-07-01-preview"

AaaaRecord

Name Description Value
ipv6Address The IPv6 address of this AAAA record. string

ARecord

Name Description Value
ipv4Address The IPv4 address of this A record. string

CaaRecord

Name Description Value
flags The flags for this CAA record as an integer between 0 and 255. int
tag The tag for this CAA record. string
value The value for this CAA record. string

CnameRecord

Name Description Value
cname The canonical name for this CNAME record. string

Digest

Name Description Value
algorithmType The digest algorithm type represents the standard digest algorithm number used to construct the digest. See: https://www.iana.org/assignments/ds-rr-types/ds-rr-types.xhtml int
value The digest value is a cryptographic hash value of the referenced DNSKEY Resource Record. string

DsRecord

Name Description Value
algorithm The security algorithm type represents the standard security algorithm number of the DNSKEY Resource Record. See: https://www.iana.org/assignments/dns-sec-alg-numbers/dns-sec-alg-numbers.xhtml int
digest The digest entity. Digest
keyTag The key tag value is used to determine which DNSKEY Resource Record is used for signature verification. int

MxRecord

Name Description Value
exchange The ___domain name of the mail host for this MX record. string
preference The preference value for this MX record. int

NaptrRecord

Name Description Value
flags The flags specific to DDDS applications. Values currently defined in RFC 3404 are uppercase and lowercase letters "A", "P", "S", and "U", and the empty string, "". Enclose Flags in quotation marks. string
order The order in which the NAPTR records MUST be processed in order to accurately represent the ordered list of rules. The ordering is from lowest to highest. Valid values: 0-65535. int
preference The preference specifies the order in which NAPTR records with equal 'order' values should be processed, low numbers being processed before high numbers. Valid values: 0-65535. int
regexp The regular expression that the DDDS application uses to convert an input value into an output value. For example: an IP phone system might use a regular expression to convert a phone number that is entered by a user into a SIP URI. Enclose the regular expression in quotation marks. Specify either a value for 'regexp' or a value for 'replacement'. string
replacement The replacement is a fully qualified ___domain name (FQDN) of the next ___domain name that you want the DDDS application to submit a DNS query for. The DDDS application replaces the input value with the value specified for replacement. Specify either a value for 'regexp' or a value for 'replacement'. If you specify a value for 'regexp', specify a dot (.) for 'replacement'. string
services The services specific to DDDS applications. Enclose Services in quotation marks. string

NsRecord

Name Description Value
nsdname The name server name for this NS record. string

PtrRecord

Name Description Value
ptrdname The PTR target ___domain name for this PTR record. string

RecordSetProperties

Name Description Value
AAAARecords The list of AAAA records in the record set. AaaaRecord[]
ARecords The list of A records in the record set. ARecord[]
caaRecords The list of CAA records in the record set. CaaRecord[]
CNAMERecord The CNAME record in the record set. CnameRecord
DSRecords The list of DS records in the record set. DsRecord[]
metadata The metadata attached to the record set. RecordSetPropertiesMetadata
MXRecords The list of MX records in the record set. MxRecord[]
NAPTRRecords The list of NAPTR records in the record set. NaptrRecord[]
NSRecords The list of NS records in the record set. NsRecord[]
PTRRecords The list of PTR records in the record set. PtrRecord[]
SOARecord The SOA record in the record set. SoaRecord
SRVRecords The list of SRV records in the record set. SrvRecord[]
targetResource A reference to an azure resource from where the dns resource value is taken. SubResource
TLSARecords The list of TLSA records in the record set. TlsaRecord[]
trafficManagementProfile A reference to an azure traffic manager profile resource from where the dns resource value is taken. SubResource
TTL The TTL (time-to-live) of the records in the record set. int
TXTRecords The list of TXT records in the record set. TxtRecord[]

RecordSetPropertiesMetadata

Name Description Value

SoaRecord

Name Description Value
email The email contact for this SOA record. string
expireTime The expire time for this SOA record. int
host The ___domain name of the authoritative name server for this SOA record. string
minimumTTL The minimum value for this SOA record. By convention this is used to determine the negative caching duration. int
refreshTime The refresh value for this SOA record. int
retryTime The retry time for this SOA record. int
serialNumber The serial number for this SOA record. int

SrvRecord

Name Description Value
port The port value for this SRV record. int
priority The priority value for this SRV record. int
target The target ___domain name for this SRV record. string
weight The weight value for this SRV record. int

SubResource

Name Description Value
id Resource Id. string

TlsaRecord

Name Description Value
certAssociationData This specifies the certificate association data to be matched. string
matchingType The matching type specifies how the certificate association is presented. int
selector The selector specifies which part of the TLS certificate presented by the server will be matched against the association data. int
usage The usage specifies the provided association that will be used to match the certificate presented in the TLS handshake. int

TxtRecord

Name Description Value
value The text value of this TXT record. string[]

Usage Examples

Terraform Samples

A basic example of deploying DNS CAA Record.

terraform {
  required_providers {
    azapi = {
      source = "Azure/azapi"
    }
  }
}

provider "azapi" {
  skip_provider_registration = false
}

variable "resource_name" {
  type    = string
  default = "acctest0001"
}

variable "___location" {
  type    = string
  default = "westeurope"
}

resource "azapi_resource" "resourceGroup" {
  type     = "Microsoft.Resources/resourceGroups@2020-06-01"
  name     = var.resource_name
  ___location = var.___location
}

resource "azapi_resource" "dnsZone" {
  type                      = "Microsoft.Network/dnsZones@2018-05-01"
  parent_id                 = azapi_resource.resourceGroup.id
  name                      = "${var.resource_name}.com"
  ___location                  = "global"
  schema_validation_enabled = false
  response_export_values    = ["*"]
}

resource "azapi_resource" "CAA" {
  type      = "Microsoft.Network/dnsZones/CAA@2018-05-01"
  parent_id = azapi_resource.dnsZone.id
  name      = var.resource_name
  body = {
    properties = {
      TTL = 300
      caaRecords = [
        {
          flags = 1
          tag   = "issuewild"
          value = ";"
        },
        {
          flags = 0
          tag   = "iodef"
          value = "mailto:terraform@nonexist.tld"
        },
        {
          flags = 0
          tag   = "issue"
          value = "example.com"
        },
        {
          flags = 0
          tag   = "issue"
          value = "example.net"
        },
      ]
      metadata = {
      }
    }
  }
  schema_validation_enabled = false
  response_export_values    = ["*"]
}