API DNS Management

Just wanted to give everyone a heads up, but I wrote a Python script to create DNS records using the API.

It is a quick script that supports A, SRV, SSHFP, and CAA records being created. I do plan on adding more types but those were the ones that I saw were having issues. I have tested it and it creates all records correctly.

It is available on GitLab here.

@netravnen
@blandyuk
@mnordhoff
@montreal (creates SRV records with _tls if you still need it)
@huynhnguyenthuan0910

Thanks!

If you don’t mind the question, how did you figure out how to do it?

I didn’t want to drag the previous topic off-topic (now I’ll do so here) but despite support’s reference to the API documentation, it does not document CAA records at all.

My previous attempts to create CAA records with python-Cloudflare had all ended in failure. Seeing how you did it with raw requests, now I get it.

>>> import CloudFlare
>>> cf = CloudFlare.CloudFlare()
>>> zone_id = 'xxx'
>>> data = {'name': 'yyy', 'type': 'CAA', 'data': {'flags': 0, 'tag': 'issue', 'value': ';'}}
>>> cf.zones.dns_records.post(zone_id, data=data)

I get how to do it now – list your existing records (I had some, luckily), completely ignore the content field, mimic the data field instead – but I had no idea before.

Trial and error. According to the documentation CAA is not a supported type, but it still worked.
For the record, I crafted a request with the type of CAA and it came back saying it needed the data field, so I found what a CAA record needs and added it, and it worked.

All good stuff :slight_smile: Python or Perl is fine.

Jake1st: Did you test all types of CAA records? Example from https://caatest.co.uk/:

0 iodef "mailto:[email protected]"
0 issue "comodoca.com"
0 issue "digicert.com"
0 issue "letsencrypt.org"
0 issuewild "comodoca.com"
0 issuewild "digicert.com"
0 issuewild "letsencrypt.org"

All the above apart from the “iodef” are added via CF anyway so no need to add them again. You can check with the CAA Checker link above.

@blandyuk
Yes, all types were tested. Just make sure that you add mailto: for an iodef record, as the script does not change based on iodef or issue choice.
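
Added example, not part of any post in this thread and not the GitLab script: a sketch that builds CAA request bodies in the `data` shape shown earlier in the thread and rejects an iodef value that lacks a URL scheme such as mailto: before anything is sent. The function names `caa_payload` and `parse_caa_lines`, the flags range check, and the example.com sample records are assumptions made for illustration.

```python
import re

CAA_TAGS = {"issue", "issuewild", "iodef"}
# Conservative issuer-domain check (assumption: lowercase LDH hostnames only).
_DOMAIN = re.compile(
    r"^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$")

def caa_payload(name, tag, value, flags=0):
    """Build one CAA record body: type 'CAA' plus a 'data' dict, no 'content'."""
    if tag not in CAA_TAGS:
        raise ValueError(f"unsupported CAA tag: {tag!r}")
    if not isinstance(flags, int) or not 0 <= flags <= 255:
        raise ValueError("flags must be a single octet (0-255)")
    value = value.strip().strip('"\u201c\u201d').strip()
    if tag == "iodef":
        # The caveat from the thread: iodef needs an explicit scheme.
        if not value.startswith(("mailto:", "https://", "http://")):
            raise ValueError("iodef value must be a URL, e.g. mailto:...")
    else:
        # 'issue ";"' (empty issuer) means no CA may issue; allow it.
        issuer = value.split(";", 1)[0].strip().lower()
        if issuer and not _DOMAIN.match(issuer):
            raise ValueError(f"issuer is not a domain name: {issuer!r}")
    return {"name": name, "type": "CAA",
            "data": {"flags": flags, "tag": tag, "value": value}}

def parse_caa_lines(name, text):
    """Turn 'flags tag "value"' lines into request bodies for one name."""
    payloads = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        flags, tag, value = line.split(None, 2)
        payloads.append(caa_payload(name, tag, value, int(flags)))
    return payloads

# Constructed sample records (not taken from a real zone).
SAMPLE = '''
0 iodef "mailto:security@example.com"
0 issue "letsencrypt.org"
0 issuewild ";"
'''

if __name__ == "__main__":
    for body in parse_caa_lines("example.com", SAMPLE):
        print(body)
```

Each returned dict can be passed as `data=` to the `cf.zones.dns_records.post(zone_id, data=...)` call shown earlier in the thread.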

OK good work.

Just logged in and their UI is still broken for CAA records! Not rushing to fix it eh! Their page did display a feedback survey for the new DNS UI :smiley: lol they REALLY should not have shown me that. I left my review for them to hopefully not make this stupid mistake again!

It’s called “TESTING” for a reason. Clearly it was not tested enough.

We try very hard to make each stupid mistake new and exciting… making the same ones is so boring. :wink: