How to add a Certification Authority Authorization (CAA) record in a hosted DNS

Article Number: 000070642

User-added image
If you use a hosted DNS service, here is how you add a CAA record.

Please refer to the table below for instructions. Please note that several hosted DNS service providers are yet to support CAA. This article will be continuously updated as Hosted DNS providers adopt CAA.
 

Hosted DNS provider: How to add a CAA record:
dnsimple 1. Log into your DNSimple portal.
2. After logging in, you will be directed to the DNSimple dashboard.
3. Click on the icon next to your domain name to jump directly to your DNS record.
4. Click on Add button and select CAA to add a new CAA record.
5. Enter or select: 
Name: Leave blank
Provider: Select your provider
Certificate Type: Either Standard or Wildcard
Note: If you need both of the certificate types, then you need to create a second CAA record with the different certificate type selected.
TTL: Leave it default as 1 hour
At this point, your CAA record has been added.
DNS Made Easy

1. Log in to the DNS Made Easy portal.
2. You will be directed to main dashboard screen. On the menu, select DNS > Managed DNS.
3. On the Managed DNS screen, go to the Select Domain tab and click See All to list all of your domains.
4. Select the domain name for which you wish to add the CAA Record  Scroll down to the bottom of the page to find the section called CAA Records and select the + icon.
5. Create your record using the values below:
Name: Leave it blank as default
Provider: Click on down arrow button to select your provider
Type: Select issue or issuewild
NOTE: If you need for both non-wildcard and wildcard certificate types, you must create a new CAA record later to select issuewild.
Value:  Auto populate based on the Provider field selection
Issuer Critical: Leave it as default
TTL: Leave it as default
6. Click Submit button to save your entries. Click close button if you don’t need to add any additional CAA records. 

The new CAA record will now show under your CAA Records account details.
Dyn Managed DNS 1. Login to your Dyn Managed DNS account. 
2. You will be directed to the dashboard.
3. On the dashboard on the Zones section, you should see the list of your Zone names. Click on the Manage link to open your zone information.
4. Your zone record will show as below:
5. Click on the dropdown menu to Add a New Record. Scroll all the way down and select the option CAA (Certification Authority Auth).
6. Fill in the information as below:
TTL: Leave it as default
Flags: 0
Tag: issue
Value: [enter the CAA value related to your provider]
7. Click the Add button to save your record. You should be directed back to your Zone dashboard area and there will be a Zone Message notification to remind you about the changes. Select Review Changes and Publish! to proceed.
8. Click on Publish Zone to complete the process.
NOTE: You need to Publish the record to make it active on your DNS.

At this point, the CAA record has been added.
Constellix DNS 1. Select Managed DNS and click on Domains.
2. Select the Domain Name you want to add an A record to.
3. Under the CAA Records section, select the + icon to add a record.

4. In this screen, you will add the record information. Follow the steps below:

A) Name: This will be the identifier for your record. It is important to note, the domain name is automatically appended to the “Name” field of the record.
B) TTL: Edit the TTL. Time to Live is measured in seconds and is the amount of time the record will cache in resolving name servers and web browsers.
C) Providers: In the drop down menu choose your CA (certificate authority) provider. The hostname of your provider will automatically populate the Value box. If your provider is not listed, then choose other, and enter the hostname of the provider in the Value box.
D) Tag: Tags allow you to choose how you want certificates to be issued by the CA. Each CAA record can contain only one tag-value pair. Refer to the Configuration section for more details on the kinds of tags.
E) Note: Add a helpful note with keywords so you can search for your records later.
F) Save and Close: Save your changes. Don’t forget to commit your changes.
Cloudfare NOTE: CAA is currently under Beta phase for Cloudflare user. In order to use this record, user needs to get the permission directly with Cloudflare Support Team.
1. Login to Cloudflare account.
2. You will be directed to the dashboard.
3. Select the DNS icon at the top of the screen. You will be directed to your zone records screen.
4. You can start to add your CAA record by selecting CAA in the drop down box shown below:
5. Input the values shown below:
Type (Drop-down box): Select CAA
Name field: Your own domain name.
Tag: Leave it as default. The default contains “Allow wildcards and specific hostnames”
Value: [enter value associated to authorized Certification Authority]
6.  Click Save and then Add record.

At this point your CAA record has been successfully added.
ClouDNS 1. Login to your ClouDNS account.
2. You will be directed to the dashboard. Under your DNS zones section, you should see your zone name.
3. Click on your DNS zone name to open your zone records.
4. You can start to add your CAA record by selecting CAA on the record type header.
Insert the entries shown below: 
Type (record): CAA
TTL: Leave it as default. Example: 1 hour
Host: Your host name. (auto populate, leave it as default)
Flag: Leave it as default
Type: Leave it as default which is “issue”
Unless you are creating record for wildcard certificates, in which case select "issuewild"
Value: [enter value related to authorized Certification Authority]
6. Click Save to save your new entry.

At this point your CAA record has been successfully added.
Afraid.org Free DNS Afraid.org Free DNS does support CAA, however, in order to seek support with adding a CAA record, please contact them directly using the contact information provided here.
Neustar UltraDNS Neustar Ultra DNS does support CAA, however, in order to seek support with adding a CAA record, please contact them directly using the contact information provided here.
Gandi

1. Using the Gandi DNS, from the zone file edition page, choose a new version and then on the right, select the “expert mode” for editing your zone.

2. Add the CAA record to the zone file. 

3. After you have saved your version of the zone, remember to activate it for it to take effect.
Domeneshop (Domainnnameshop) Domeneshop (Domainnnameshop) does support CAA, however, in order to seek support with adding a CAA record, please contact them directly using the contact information provided here.
Google Cloud DNS 1.Login to your Google Cloud 
2. On the Google Cloud Platform, go to  Network Services and then select Cloud DNS to open the Cloud DNS administration page.
3. The Google Cloud DNS configuration site will be opened. You will see your current zone record inside this page.
5. Click on your Zone name, the detail settings information for your zone record will be opened.
6. Click on Add Record Set. Type the below entries to the record:
DNS Name: Your domain name.
Resource Record Type :CAA
Certificate Authority Authorization: [enter value relating to authorized Certification Authority]
7. Click on the Create button to save the entry and at this point your CAA record has been created inside your zone file
GoDaddy Supported – Please contact GoDaddy for instructions.
BuddyNS Supported – Please contact BuddyNS for instructions.
ezreg.com (Netregistry) Supported – Please contact ezreg.com for instructions.
Google Domains DNS Not yet supported.
Hurricane Electric Free DNS Supported- Please contact Hurricane Electric Free DNS for instructions.
Mythic Beasts Supported – Please contact Mythic Beasts for instructions.
NameBright Supported – Please contact NameBright for instructions.
Neustar UltraDNS Supported – Please contact Neustar UltraDNS for instructions.
NS1 Supported – Please contact NS1 for instructions.
Nucleus NV Supported – Please contact Nucleus NV for instructions.
Route 53 (Amazon) Supported – Please contact Amazon Route 53 developed guide for instructions.
Zilore Supported – Please contact Zilore for instructions.

If you have any questions or concerns please contact the AffirmTrust department for further assistance: 

Support Hours of Operation: 
Sunday 8PM ET to Friday 8PM ET
[email protected]