Knowledge Base

What Is a CAA Record

A CAA Record (Certification Authority Authorization Record) is a DNS record that is used by domain owners to identify which Certificate Authority (CA) is allowed to issue certificates for a specific domain. This is particularly useful for domains and websites which have been secured with an SSL certificate.

The CAA Record of the main Domain Name can be succeeded by its subdomains. Thus, if you have set a CAA Record for mydomain.com, it will also be applied to any of its subdomains, such as example.mydomain.com - setting the policy for the entire domain, unless it is overridden. The issuance can also be controlled for single-name certificates, wildcard, or both.

Elements of a CAA Record

The CAA Record is obtained from the SSL Provider and will contain the following elements:

Flag This indicates whether the record is critical or not and is represented by an integer between 0-255, with zero being the least critical flag.

Note: There are only two options available in our Account Manager: 0 (not critical) and 128 (critical).

Tag This controls the issuance of the record. There are two tags currently available for this record:
  • issue - This tag authorizes a single CA to issue any type of certificate for the hostname.
  • issuewild - This tag authorizes a single CA to issue ONLY a wildcard certificate for the hostname.
Value This is a specific value associated to the CA that you wish to allow for the domain.

In summary, a CAA Record will have the following standard formula:

Note: This record type is available for Domain Names registered with or transferred to Crazy Domains, which have free DNS only. You can create & update a CAA Record using your Account Manager's free DNS tools.

Our Premium DNS service does NOT support this record type yet.

Did you find this article helpful?

* Your feedback is too short