CAA Records

What CAA Records Do

CAA records allow domain owners to specify which certificate authorities(CAs) are allowed to issue SSL certificates for their domains. Each domain may contain multiple CAA records.

Setting Up CAA Records

CAA records are defined by RFC 6844 and specify the following fields:

CAA <flags> <tag> <value>

Where:

flags is an unsigned integer between 0 and 255.
tag is a non-zero sequence of US-ASCII letters and numbers in lowercase.
value is the <character-string> encoding of the value field.

Example:

$ORIGIN example.com
@  CAA 0 issue "ca.example.net"
@  CAA 0 iodef "mailto:[email protected]"
@  CAA 0 iodef "http://iodef.example.com/"


To Create A CAA Record to your Managed DNS Zone

  1. Select Zones from the top level menu bar.

  2. Select the Zone where you will create the CAA record.

  3. Select Add Record.

  4. In the Add Record view do the following:

NS1_CAA_Record_Portal2_UI.png


  1. Select CAA from the drop-down menu.

  2. Enter sub-domain or leave blank for the root level record.

  3. Enter the field values as defined in the section of this document, Setting Up CAA Records.

  4. Select Save All Changes.