VERCEL: handle more CAA edge case

SukkaW · SukkaW · commit ea0c0f09f01a · 2025-11-22T15:42:10.000+08:00
diff --git a/providers/vercel/auditrecords.go b/providers/vercel/auditrecords.go
@@ -1,6 +1,8 @@
 package vercel
 
 import (
+	"errors"
+
 	"github.com/StackExchange/dnscontrol/v4/models"
 	"github.com/StackExchange/dnscontrol/v4/pkg/rejectif"
 )
@@ -25,5 +27,26 @@ func AuditRecords(records []*models.RecordConfig) []error {
 	// bad_request - Invalid request: missing required property `value`.
 	a.Add("TXT", rejectif.TxtIsEmpty)
 
+	// last verified 2025-11-22
+	// bad_request - invalid_value - The specified value is not a fully qualified domain name.
+	a.Add("CAA", rejectif.CaaHasEmptyTarget)
+	a.Add("CAA", rejectifCaaTargetIsSemicolon)
+
+	// last verified 2025-11-22
+	// Vercel misidentified extra fields in CAA record `0 issue letsencrypt.org; validationmethods=dns-01; accounturi=https://acme-v02.api.letsencrypt.org/acme/acct/1234`
+	// as "cansignhttpexchanges", and add extra incorrect validation on the value
+	// let's ignore all whitespace for now, i should report this to Vercel though, as
+	// it uses NS1 as its provder and NS1 definitly allows it.
+	//
+	// invalid_value - Unexpected "cansignhttpexchanges" value.
+	a.Add("CAA", rejectif.CaaTargetContainsWhitespace)
+
 	return a.Audit(records)
 }
+
+func rejectifCaaTargetIsSemicolon(rc *models.RecordConfig) error {
+	if rc.GetTargetField() == ";" {
+		return errors.New("caa target cannot be ';'")
+	}
+	return nil
+}
