The Certification Authority Authorization (CAA)

The Certification Authority Authorization (CAA) DNS Resource Record allows a DNS domain name holder to specify one or more Certification Authorities (CAs) authorized to issue certificates for that domain.

How to check a domain’s CAA record, which is DNS record type 257:

$ dig +short -t TYPE257 google.com
\# 19 0005697373756573796D616E7465632E636F6D
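
The output above is the RFC 3597 generic form (\# <length> <hex>) that dig prints when it does not decode the record type. The following decoder is an added example, not part of the original page; the function name parse_generic_caa is hypothetical, and it assumes the RFC 6844 wire layout of one flags byte, one tag-length byte, the tag, then the value.

```python
import binascii

# The line printed by dig on this page.
PAGE_SAMPLE = r"\# 19 0005697373756573796D616E7465632E636F6D"


def parse_generic_caa(line):
    # Decode one CAA record given as RFC 3597 generic RDATA text.
    parts = line.split()
    if len(parts) < 3 or parts[0] != "\\#":
        raise ValueError("not RFC 3597 generic RDATA")
    declared = int(parts[1])
    try:
        rdata = binascii.unhexlify("".join(parts[2:]))
    except (binascii.Error, ValueError) as exc:
        raise ValueError("RDATA is not valid hex") from exc
    # A length mismatch means the line was truncated or altered.
    if len(rdata) != declared:
        raise ValueError("declared %d bytes, got %d" % (declared, len(rdata)))
    if len(rdata) < 2:
        raise ValueError("RDATA too short for a CAA record")
    flags, tag_len = rdata[0], rdata[1]
    if tag_len == 0 or 2 + tag_len > len(rdata):
        raise ValueError("tag length runs past end of RDATA")
    tag = rdata[2:2 + tag_len].decode("ascii")
    if not tag.isalnum():
        raise ValueError("tag must be ASCII letters and digits")
    value = rdata[2 + tag_len:].decode("ascii", errors="replace")
    return {
        "flags": flags,
        # Bit 0 (value 128) is the issuer-critical flag in RFC 6844.
        "critical": bool(flags & 0x80),
        "tag": tag.lower(),
        "value": value,
    }


if __name__ == "__main__":
    print(parse_generic_caa(PAGE_SAMPLE))
```

For the record shown on this page it yields flags 0, tag "issue" and value "symantec.com".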

For more information:

  1. http://en.wikipedia.org/wiki/List_of_DNS_record_types
  2. http://tools.ietf.org/html/rfc6844