Take advantage of the CAA DNS record to authorize which CAs may issue TLS certificates for your domain.

What is DNS CAA?

CAA is a DNS record type that tells a CA whether it should issue a certificate or not.

In other words, you are letting the world know who should issue your domain's SSL/TLS certificate.

Let's take an example: Geekflare owns a site called gf.dev, which has the following CAA record.

If I ask Thawte or another CA to issue a cert for gf.dev, they won't be able to.

Also, if you pay attention, you will notice some entries have issue and some have issuewild.

Let's find out what they are.

What happens when no CAA record is found?

This is a security risk.

Is it clear now?

There are a few abbreviations I've used above.

Let's check out what they are.

How to check the DNS CAA record?

There are multiple ways to validate the CAA record.

If you don't want to leave your terminal, you can check using the dig command.
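As an added example (not from the original article), the Python below reads CAA lines in the form dig prints in its answer section and decides whether a given CA may issue for a hostname or wildcard, following the RFC 8659 rules for issue, issuewild, parent-domain lookup and the critical flag. The example.com records, the account parameter and the CA name other-ca.example are constructed sample data.

```python
import re

# Constructed sample, shaped like the ANSWER section of `dig example.com CAA`.
SAMPLE_DIG_ANSWER = '''
example.com.  3600  IN  CAA  0 issue "letsencrypt.org"
example.com.  3600  IN  CAA  0 issue "digicert.com; account=12345"
example.com.  3600  IN  CAA  0 issuewild ";"
example.com.  3600  IN  CAA  0 iodef "mailto:security@example.com"
'''

CAA_LINE = re.compile(r'^(\S+)\s+\d+\s+IN\s+CAA\s+(\d+)\s+(\S+)\s+"(.*)"\s*$')
KNOWN_TAGS = {"issue", "issuewild", "iodef"}

def parse_caa(dig_answer):
    """Return {owner: [(flags, tag, value), ...]} from dig answer lines."""
    rrsets = {}
    for line in dig_answer.splitlines():
        m = CAA_LINE.match(line.strip())
        if m:
            owner, flags, tag, value = m.groups()
            rrsets.setdefault(owner.lower().rstrip("."), []).append(
                (int(flags), tag.lower(), value))
    return rrsets

def relevant_rrset(name, rrsets):
    """Climb from name toward the root; the first CAA RRset found applies."""
    labels = name.lower().rstrip(".").split(".")
    if labels[0] == "*":
        labels = labels[1:]
    for i in range(len(labels)):
        rrset = rrsets.get(".".join(labels[i:]))
        if rrset:
            return rrset
    return []

def may_issue(ca_domain, name, rrsets):
    """True if CAA does not forbid ca_domain from issuing for name."""
    rrset = relevant_rrset(name, rrsets)
    if any(f & 128 and t not in KNOWN_TAGS for f, t, _ in rrset):
        return False  # critical flag set on a tag we do not understand
    issue = [v for _, t, v in rrset if t == "issue"]
    wild = [v for _, t, v in rrset if t == "issuewild"]
    # issuewild governs wildcard names when present; otherwise issue applies.
    values = wild if name.startswith("*.") and wild else issue
    if not values:
        return True  # no restricting property: any CA may issue
    # The CA's domain precedes any ";parameter" list; a bare ";" is empty.
    return ca_domain.lower() in {v.split(";")[0].strip().lower() for v in values}
```

With the sample records, the two listed CAs may issue for example.com and its subdomains, no CA may issue a wildcard, and a domain with no CAA record at all is open to every CA.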

How to add a CAA record?

Technically, this is done the same way as you add other DNS records like A, NS, CNAME, etc.

Adding a CAA record doesn't cost you.