ADC CLI Commands

dns-caaRec

The following operations can be performed on “dns-caaRec”:

rm add show

rm dns caaRec

Removes the specified CAA record from the specified domain. For EDNS Client Subnet (ECS) records, a subnet needs to be specified to remove a CAA record which is cached for that particular subnet.

Synopsis

rm dns caaRec (( [-tag ] [-flag ( NONE | CRITICAL )]) | -recordId <positive_integer>@) [-ecsSubnet <ip_addr[/prefix]|ipv6_addr[/prefix]>]

Arguments

domain Domain name of the CAA record.

valueString Value associated with the chosen property tag in the CAA resource record. Enclose the string in single or double quotation marks.

recordId Unique, internally generated record ID. View the details of the CAA record to obtain its record ID. Records can be removed either by specifying the domain name and record ID, or by specifying the domain name and all other CAA record attributes as they were supplied to the add command. Minimum value: 1 Maximum value: 65535

tag String that represents the identifier of the property represented by the CAA record. The RFC currently defines three available tags - issue, issuewild and iodef. Default value: “issue”

flag Flag associated with the CAA record.

Possible values: NONE, CRITICAL Default value: 5

ecsSubnet Subnet for which the cached CAA record needs to be removed.

Example

rm dns caaRec certs.example.com ca1.example.net -tag issue
rm dns caaRec wild.example.com ca2.example.net -tag issuewild

add dns caaRec

Creates a CAA record for the specified domain name. Each resource record is stored with a unique, internally generated record ID, which you can view and use to delete the record. You cannot modify a CAA resource record.

Synopsis

add dns caaRec [-tag ] [-flag ( NONE | CRITICAL )] [-TTL ]

Arguments

domain Domain name of the CAA record.

valueString Value associated with the chosen property tag in the CAA resource record. Enclose the string in single or double quotation marks.

tag String that represents the identifier of the property represented by the CAA record. The RFC currently defines three available tags - issue, issuewild and iodef. Default value: “issue”

flag Flag associated with the CAA record.

Possible values: NONE, CRITICAL Default value: 5

TTL Time to Live (TTL), in seconds, for the record. TTL is the time for which the record must be cached by DNS proxies. The specified TTL is applied to all the resource records that are of the same record type and belong to the specified domain name. For example, if you add an address record, with a TTL of 36000, to the domain name example.com, the TTLs of all the address records of example.com are changed to 36000. If the TTL is not specified, the Citrix ADC uses either the DNS zone’s minimum TTL or, if the SOA record is not available on the appliance, the default value of 3600. Default value: 3600 Maximum value: 2147483647

Example

add dns caaRec certs.example.com ca1.example.net -tag issue
add dns caaRec wild.example.com ca2.example.net -tag issuewild
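Because the tag is a free-form string, a misspelled tag is stored as given and only fails later, when a certificate authority evaluates the record. The following pre-flight check for add dns caaRec command lines is an added example, not Citrix code. The function name, the shell-style quoting, the case-insensitive option names and the treatment of a missing -flag as non-critical are assumptions; the sample commands are constructed.

```python
import shlex

RFC_TAGS = {"issue", "issuewild", "iodef"}  # the three tags the page lists
MAX_TTL = 2147483647                        # -TTL maximum stated on the page


def lint_add_caarec(line):
    """Return a list of findings for one 'add dns caaRec' command line."""
    words = shlex.split(line)  # assumption: shell-style quoting rules
    if [w.lower() for w in words[:3]] != ["add", "dns", "caarec"]:
        return ["not an 'add dns caaRec' command"]
    args = words[3:]
    if len(args) < 2 or args[0].startswith("-") or args[1].startswith("-"):
        return ["expected domain and valueString before any option"]
    value, rest = args[1], args[2:]
    findings, opts = [], {"-tag": "issue"}  # page default for -tag
    if len(rest) % 2:
        findings.append("option without a value: " + rest[-1])
    for name, val in zip(rest[0::2], rest[1::2]):
        if name.lower() in ("-tag", "-flag", "-ttl"):
            opts[name.lower()] = val
        else:
            findings.append("unknown option: " + name)
    tag = opts["-tag"].lower()
    flag = opts.get("-flag", "NONE").upper()  # assumption: absent = non-critical
    if flag not in ("NONE", "CRITICAL"):
        findings.append("flag must be NONE or CRITICAL")
    if tag not in RFC_TAGS:
        # CAs skip unknown non-critical properties and refuse to issue
        # when an unknown property is marked critical.
        effect = "blocks all issuance" if flag == "CRITICAL" else "is ignored by CAs"
        findings.append("unknown tag %r %s" % (tag, effect))
    elif tag == "iodef" and not value.lower().startswith(("mailto:", "http:", "https:")):
        findings.append("iodef value should be a mailto: or http(s): URL")
    ttl = opts.get("-ttl", "3600")
    if not ttl.isdigit() or int(ttl) > MAX_TTL:
        findings.append("TTL must be an integer no larger than %d" % MAX_TTL)
    return findings


# Constructed sample commands; "issuwild" is a deliberate misspelling.
SAMPLES = [
    "add dns caaRec certs.example.com ca1.example.net -tag issue",
    "add dns caaRec wild.example.com ca2.example.net -tag issuwild",
    "add dns caaRec wild.example.com ca2.example.net -tag issuwild -flag CRITICAL",
    "add dns caaRec certs.example.com secops@example.com -tag iodef -TTL 300",
]

if __name__ == "__main__":
    for cmd in SAMPLES:
        print(cmd, "->", lint_add_caarec(cmd) or "ok")
```

A non-critical record with an unknown tag leaves wildcard issuance unrestricted even though the configuration appears to contain a CAA policy, so the check is worth running before the command reaches the appliance.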

show dns caaRec

Displays CAA records owned by the specified domain. If no domain name is specified, all configured CAA records are shown.

Synopsis

show dns caaRec [ | -type ]

Arguments

domain Domain name of the CAA record.

type Type of records to display. Available settings function as follows:

  • ADNS - Display all authoritative address records.
  • PROXY - Display all proxy address records.
  • ALL - Display all address records.

Possible values: ALL, ADNS, PROXY Default value: ADNS

Output

valueString Value associated with the chosen property tag in the CAA resource record. Enclose the string in single or double quotation marks.

tag String that represents the identifier of the property represented by the CAA record. The RFC currently defines three available tags - issue, issuewild and iodef.

flag Flag associated with the CAA record.

ecsSubnet Subnet for which this particular record is cached. Subnet caching occurs for responses with the EDNS Client Subnet (ECS) option. Applies only to resource records obtained through proxy configurations.

TTL Time to Live (TTL), in seconds, for the record. TTL is the time for which the record must be cached by DNS proxies. The specified TTL is applied to all the resource records that are of the same record type and belong to the specified domain name. For example, if you add an address record, with a TTL of 36000, to the domain name example.com, the TTLs of all the address records of example.com are changed to 36000. If the TTL is not specified, the Citrix ADC uses either the DNS zone’s minimum TTL or, if the SOA record is not available on the appliance, the default value of 3600.

recordId

authType Authentication type.

devno count stateflag

Example

show dns caaRec certs.example.com
show dns caaRec
