The Certification Authority Authorization (CAA)


The Certification Authority Authorization (CAA) DNS Resource Record allows a DNS domain name holder to specify one or more Certification Authorities (CAs) authorized to issue certificates for that domain.

How to check a domain’s CAA record which is identified by a type257 DNS record:

$ dig +short -t TYPE257 google.com
\# 19 0005697373756573796D616E7465632E636F6D

For more information:

  1. http://en.wikipedia.org/wiki/List_of_DNS_record_types
  2. http://tools.ietf.org/html/rfc6844

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.