What CAA Records Do
CAA records allow domain owners to specify which certificate authorities (CAs) are allowed to issue SSL certificates for their domains. Each domain may contain multiple CAA records.
The CAA record prevents any other certificate authority from issuing an SSL certificate for your domain. Only the CA(s) you authorized in the CAA record can issue an SSL certificate for your domain.
Setting Up CAA Records
CAA records are defined by RFC 6844 and specify the following fields:
CAA <flags> <tag> <value>
flags is an unsigned integer between 0 and 255.
tag is a non-zero sequence of US-ASCII letters and numbers in lowercase.
value is the <character-string> encoding of the value field.
$ORIGIN example.com
@ CAA 0 issue "ca.example.net"
@ CAA 0 iodef "mailto:[email protected]"
@ CAA 0 iodef "http://iodef.example.com/"
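The field rules above can be checked mechanically. The following added example (not part of the original page) parses records in this presentation format, enforces the flags and tag rules, and applies the authorization decision for a non-wildcard name. The function names and sample records are constructed for illustration; the handling of the critical flag bit (128) and of an issue value of ";" follows the CAA specification and goes beyond what this page covers.

```python
import shlex

KNOWN_TAGS = {"issue", "issuewild", "iodef"}
CRITICAL = 0x80  # issuer-critical flag bit (flags value 128)

# Constructed sample record set in the presentation format shown above.
SAMPLE = [
    '@ CAA 0 issue "ca.example.net"',
    '@ CAA 0 iodef "http://iodef.example.com/"',
]

def parse_caa(line):
    """Parse '<owner> CAA <flags> <tag> <value>' into (flags, tag, value)."""
    parts = shlex.split(line)  # handles the quoted <character-string> value
    if len(parts) != 5 or parts[1].upper() != "CAA":
        raise ValueError(f"not a CAA record: {line!r}")
    _, _, flags_s, tag, value = parts
    if not (flags_s.isascii() and flags_s.isdigit() and int(flags_s) <= 255):
        raise ValueError(f"flags must be an integer 0-255: {flags_s!r}")
    if not (tag.isascii() and tag.isalnum() and tag == tag.lower()):
        raise ValueError(f"tag must be lowercase ASCII letters/digits: {tag!r}")
    return int(flags_s), tag, value

def may_issue(lines, ca_domain):
    """Decide whether ca_domain may issue for a non-wildcard name."""
    records = [parse_caa(line) for line in lines]
    # An unrecognized tag with the critical bit set blocks issuance outright.
    if any(f & CRITICAL and t not in KNOWN_TAGS for f, t, _ in records):
        return False
    issue_values = [v for _, t, v in records if t == "issue"]
    if not issue_values:
        return True  # no issue property present: issuance is not restricted
    # Text before ';' is the issuer domain; a bare ';' authorizes no CA.
    allowed = {v.split(";", 1)[0].strip().lower() for v in issue_values}
    return ca_domain.lower() in allowed - {""}

if __name__ == "__main__":
    for ca in ("ca.example.net", "other-ca.example.org"):
        print(ca, "->", "may issue" if may_issue(SAMPLE, ca) else "refused")
```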
To Create a CAA Record in Your Managed DNS Zone
Select Zones from the top level menu bar.
Select the Zone where you will create the CAA record.
Select Add Record.
In the Add Record view do the following:
Select CAA from the drop-down menu.
Enter the sub-domain, or leave the field blank for the root-level record.
Enter the field values as defined in the Setting Up CAA Records section of this document.
Select Save All Changes.