As part of my migration to Bunny CDN for andreas-jaggi.ch, I also moved the DNS zone over.
There are not many records in the zone, but one which turned out to be a bit more tricky was the CAA one.

I wanted to use the following Terraform snippet to create it:

resource "bunnynet_dns_record" "andreas_jaggi_ch_CAA" {
  zone  = bunnynet_dns_zone.andreas_jaggi_ch.id
  name  = ""
  type  = "CAA"
  value = "0 issue \"letsencrypt.org;validationmethods=http-01\""
}

But this always failed with a cryptic error message during terraform apply:

│ Error: Unable to create DNS record
│
│   with bunnynet_dns_record.andreas_jaggi_ch_CAA,
│   on dns.tf line 22, in resource "bunnynet_dns_record" "andreas_jaggi_ch_CAA":
│   22: resource "bunnynet_dns_record" "andreas_jaggi_ch_CAA" {
│
│ A tag can be a maximum of 50 ASCII characters.

After some head-scratching I figured out that the Terraform provider has dedicated fields for the flags and tag parts of the CAA DNS record.
And it insists on them being used this way:

resource "bunnynet_dns_record" "andreas_jaggi_ch_CAA" {
  zone  = bunnynet_dns_zone.andreas_jaggi_ch.id
  name  = ""
  type  = "CAA"
  tag   = "issue"
  flags = 0
  value = "letsencrypt.org;validationmethods=http-01"
}

With this in place, it worked fine.
And it prepared me also for the MX record where a similar approach is required.