- /
- /
- /
How to add a Certification Authority Authorization (CAA) record to your DNS zone file
Article Number: 000070641
How to add a Certification Authority Authorization (CAA) record to your DNS zone file
Pre-requirement:
You must know which syntax to use when configuring your DNS zone file. This depends on your DNS. Please see the table below to determine the syntax type to use when configuring your CAA record.
| Syntax Type | DNS Product |
| Standard BIND | BIND 9.9.6 and higher, PowerDNS 4.0.0 and higher NSD 4.0.1 and higher Knot DNS 2.2.0 and higher |
| Legacy BIND |
Any version prior to BIND 9.9.6 |
| Generic | Google Cloud DNS |
How to add a CAA record:
1. Open your domain's DNS zone file in Notepad.
2. You will have to configure the file to determine the CA(s) you wish to include your CAA record. Note that only adding one CA will limit issuance of SSL/TLS certificates on that domain to just that CA. Also note that domains may have more than one CA listed in a CAA record.
In order to add a CAA record, add the below to your DNS zone file (please be sure to select the correct syntax):
*using "example.com" as the domain name
| Standard BIND Zone File |
| example.com. CAA 0 issue "<entry related to authorized CA>" |
| Legacy BIND Zone File |
| example.com. <entry related to authorized CA> |
| Generic |
| 0 issue "<entry related to authorized CA>" |
3. Save your zone file and exit Notepad.
If you have any questions or concerns, please contact AffirmTrust support.
If you have any questions or concerns, please contact AffirmTrust support.
Support Hours of Operation:
Sunday 8PM ET to Friday 8PM ET
[email protected]
