diff --git a/dns/zones/resources.tf b/dns/zones/resources.tf
index 5c9f14c..ce136ab 100644
--- a/dns/zones/resources.tf
+++ b/dns/zones/resources.tf
@@ -33,7 +33,7 @@ resource "azurerm_dns_caa_record" "caa_records" {
     for zone in local.caa_records : "${zone.zone_name}.${zone.record_name}" => zone
   }
 
-  name                = each.value.record_name
+  name                = "@"
   zone_name           = each.value.zone_name
   resource_group_name = each.value.resource_group_name
   ttl                 = 300
@@ -44,6 +44,15 @@ resource "azurerm_dns_caa_record" "caa_records" {
     value = each.value.value
   }
 
+  dynamic "record" {
+    for_each = var.settings
+    content {
+      flags = 0
+      tag   = "issue"
+      value = record.value.value
+    }
+  }
+
   depends_on = [
     azurerm_dns_zone.dns_zone
   ]
diff --git a/domains/infrastructure/variables.tf b/domains/infrastructure/variables.tf
index c75ab38..a1c6edc 100644
--- a/domains/infrastructure/variables.tf
+++ b/domains/infrastructure/variables.tf
@@ -22,18 +22,7 @@ variable "azure_enable_monitoring" {
 
 locals {
   default_records = {
-    "caa_records" = {
-      "@" = {
-        "flags" = 0,
-        "tag"   = "issue",
-        "value" = "globalsign.com"
-      },
-      "@" = {
-        "flags" = 0,
-        "tag"   = "issue",
-        "value" = "digicert.com"
-      }
-    }
+    "caa_records" = ["globalsign.com", "digicert.com"],
     "txt_records" = {
       "@" = {
         "value" = "v=spf1 -all"