What is Certification Authority Authorization (CAA)?

Article Number: 000070640

User-added image
What is Certification Authority Authorization (CAA)?
How to add a CAA record to your DNZ zone file
How to add a CAA record in a hosted DNS
CAA Supported DNS Products

What is Certification Authority Authorization (CAA)?

Domain Name Servers (DNS) use Certification Authority Authorization (CAA) as a means of identifying which Certification Authorities are authorized to issue a certificate for that domain.

As a means of providing an additional layer of control to the DNS owner, CAA gives DNS owners the ability to determine which Certification Authorities are authorized to issue certificates on behalf of that domain name by configuring their DNS CAA record.
For the complete report on CAA, please see RFC 6844. 

How to add a CAA record to your DNS zone file

Please see our technote on how to add a CAA record to your DNS zone file.

How to add a CAA record in a hosted DNS

Please see the technote on how you can add a CAA record in a hosted DNS, and what hosted DNS service providers currently support CAA.

CAA Supported DNS Products:
BIND 10.1-2 
LDNS
NSD 4.0.1
Knot DNS
Google Cloud DNS

If you have any questions or concerns please contact the AffirmTrust department for further assistance: 

Support Hours of Operation: 
Sunday 8PM ET to Friday 8PM ET
[email protected]