Question

How to create DNS CAA Record with Terraform

Hello! I am trying to create a CAA record in DNS using digitalocean_record, digitalocean provider in Terraform. I am confused on what fields it wants.

I created a record manually and pulled it with the API:

        {
            "id": 159194908,
            "type": "CAA",
            "name": "@",
            "data": "letsencrypt.org",
            "priority": null,
            "port": null,
            "ttl": 3600,
            "weight": null,
            "flags": 0,
            "tag": "issue"
        }

When I create a block in Terraform with the same information I get an error.

resource "digitalocean_record" "web-caa-dns" {
  value = "letsencrypt.org"
  domain = "letsencrypt.org"
  type = "CAA"
  name = "@"
  ttl = 3600
  flags = 0
  tag = "issue"
}

Error Message:


Error: Failed to create record: POST https://api.digitalocean.com/v2/domains/letsencrypt.org/records: 422 (request "522...") Data needs to be a FQDN with issue or issuewild
with digitalocean_record.web-caa-dns
on dnsrecords.tf line 153, in resource "digitalocean_record" "web-caa-dns":

resource "digitalocean_record" "web-caa-dns" {

It says data needs to be an FQDN, but if I add

data = "domainname.com"

to Terraform it tells me that field isn’t expected.



Hi,

I had sort of the same issue and I fixed it, but Bobby Iliev is also right. Your Terraform should be:

resource "digitalocean_record" "web-caa-dns" {
  value = "letsencrypt.org." # Notice the 'dot' after the domain to make it a DigitalOcean FQDN
  domain = "[YOUR DOMAIN]" # Placeholder: the domain the record is added to
  type = "CAA"
  name = "@"
  ttl = 3600
  flags = 0
  tag = "issue"
}

Bit of a late answer, but I hope it helps someone.

Kind regards, Vic

Hi there,

I think that the domain part needs to be the domain that you are trying to add the DNS record to.

From the error that you’ve shared, Terraform is trying to add this DNS record under the letsencrypt.org domain, which most likely does not exist under your account.

Let me know how it goes. Regards, Bobby
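
The two fixes from the answers above (a trailing dot on the CA name, and `domain` set to your own zone) can be enforced in the configuration itself so a bad value fails at plan time instead of as a 422 from the API. This is an added example, not code from the thread or from the provider's documentation; `var.zone`, `local.caa_issuers` and the resource name `caa` are assumed names, and the `precondition` block assumes Terraform 1.2 or later.

```hcl
# Added example. var.zone, local.caa_issuers and the resource name "caa"
# are illustrative names, not taken from the thread.

variable "zone" {
  description = "Domain in your DigitalOcean account that receives the CAA records"
  type        = string

  validation {
    # The 422 in the question came from pointing `domain` at the CA's domain.
    condition     = var.zone != "letsencrypt.org"
    error_message = "Set zone to your own domain, not the CA's domain."
  }
}

locals {
  # CA identifier per CAA tag, written as an FQDN with a trailing dot.
  # When an issuewild record exists, it governs wildcard certificates
  # in place of issue (RFC 8659).
  caa_issuers = {
    issue     = "letsencrypt.org."
    issuewild = "letsencrypt.org."
  }
}

resource "digitalocean_record" "caa" {
  for_each = local.caa_issuers

  domain = var.zone
  type   = "CAA"
  name   = "@"
  ttl    = 3600
  flags  = 0
  tag    = each.key
  value  = each.value

  lifecycle {
    precondition {
      # Catch a missing trailing dot before the API rejects the record.
      condition     = can(regex("\\.$", each.value))
      error_message = "CAA value must be an FQDN ending in a dot, e.g. \"letsencrypt.org.\"."
    }
  }
}
```

Each key in `local.caa_issuers` becomes one record, so authorizing another CA for a tag means adding a second resource or switching the map to a list of tag/value pairs.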