add support for CAA records

diff --git a/db.example.com.py b/db.example.com.py
index 349d958f232ab96c53de1a31866fcd57981c30fd..310a6bfaafc89b19450a8daa6286fbb36f63bc0c 100644 (file)
--- a/db.example.com.py
+++ b/db.example.com.py
@@ -27,7 +27,8 @@ __zone__ = Zone('example.com.', serialfile = 'db.example.com.srl',
     secondary_refresh = 6*hour, secondary_retry = 1*hour, secondary_expire = 7*day,
     # Here come the actual domains. Each takes records as argument, either individually or as lists.
     domains = {
-        '@':            Name(one, mail, HTTPS('0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef')), # this will all all records from the list "one" and the list "mail" to this name
+        '@':            Name(one, mail, HTTPS('0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef')), # this will add all records from the list "one" and the list "mail" to this name
+        '@':            Name(CAA(0, CAA.Tag.Issue, "letsencrypt.org")),
         'ns':           Name(one),
         'ipv4.ns':      Name(one4), # just a single record
         'ipv6.ns':      Name(one6),

diff --git a/zone.py b/zone.py
index a74ee1858361619774a8f12ba8748b279ed18d64..d325915074b943a9ee11aeaddf1aa3fe0417e163 100644 (file)
--- a/zone.py
+++ b/zone.py
@@ -259,6 +259,19 @@ class TLSA:
     def generate_rr(self):
         return RR('_{}._{}'.format(self._port, self._protocol), 'TLSA', '{} {} {} {}'.format(self._usage, self._selector, self._matching_type, self._data))
 
+class CAA:
+    class Tag:
+        Issue = "issue"
+        IssueWild = "issuewild"
+
+    def __init__(self, flag: int, tag: str, value: str) -> None:
+        self._flag = int(flag)
+        self._tag = str(tag)
+        self._value = str(value)
+
+    def generate_rr(self):
+        return RR('@', 'CAA', '{} {} {}'.format(self._flag, self._tag, self._value))
+
 
 class CNAME:
     def __init__(self, name: str) -> None: