/caa

CAA DNS Record Validator for Go and Command Line

Primary LanguageGoBSD 2-Clause "Simplified" LicenseBSD-2-Clause

CAA Validator

CAA Validator is a Go package and command line utility for fetching and validating CAA Certificate Authority Authorization records from DNS.

Getting Started

Setup

Grab the latest binary from the releases page.

To build from source or hack on CAA Validator, you can install via go get:

go get -u github.com/jamescun/caa/cmd

Usage

To fetch all CAA records associated with the domain www.digicert.com, run:

$ caa www.digicert.com
CAA Records for www.digicert.com
  digicert.com.
    issuewild  digicert.com
    issue      digicert.com

This will fetch all CAA records associated with www.digicert.com, digicert.com and com using Google DNS.

To use a resolver other than Google DNS (inheriting system resolver is TODO), such as OpenDNS, apply the --resolver option:

$ caa --resolver=208.67.222.222 www.digicert.com
CAA Records for www.digicert.com
  digicert.com.
    issuewild  digicert.com
    issue      digicert.com

To output JSON as opposed to a human readable output, apply the --json option:

$ caa --json www.digicert.com
{
  "records":[
    {
      "name":"digicert.com.",
      "issuers":[
        {
          "name":"digicert.com",
          "wildcard":false,
          "critical":false
        },
        {
          "name":"digicert.com",
          "wildcard":true,
          "critical":false
        }
      ]
    }
  ]
}