Certification Authority Authorization
CAA specifies which Certificate Authorities are allowed to issue TLS certificates for the domain.
Syntax
domain TTL IN CAA flags tag "value"
Example
example.com. 300 IN CAA 0 issue "letsencrypt.org"
When to use
Use CAA when you want to block every CA except the ones you approve from issuing certificates for the domain. This strengthens your security posture.
Common mistakes
A typo in the CA name means nobody can issue. Use issue "letsencrypt.org", and issuewild for wildcards.
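The check a CA applies to these records, as an added example (not code from this page or from any CA): it parses records in the syntax above and decides whether a given CA may issue, which shows why a typo locks every CA out. It goes slightly beyond the page by following the RFC 8659 rule that issuewild, when present, replaces issue for wildcard requests. Assumptions: the function names are hypothetical, the records are constructed samples, the RRset passed in is already the one that applies to the domain, and value parameters after ";" are ignored.

```python
import shlex

def parse_caa(line):
    """Parse 'domain TTL IN CAA flags tag "value"' into a dict."""
    f = shlex.split(line)
    if len(f) != 7 or f[2].upper() != "IN" or f[3].upper() != "CAA":
        raise ValueError(f"not a CAA record: {line!r}")
    flags = int(f[4])
    if not 0 <= flags <= 255:
        raise ValueError("flags must fit in one octet")
    # The value is "issuer-domain[; parameters]"; an empty issuer (";") names no CA.
    issuer = f[6].split(";", 1)[0].strip().lower()
    return {"name": f[0].lower(), "flags": flags, "tag": f[5].lower(), "issuer": issuer}

def ca_may_issue(rrset, ca_domain, wildcard=False):
    """Return True if ca_domain may issue under this CAA RRset (RFC 8659 rules)."""
    records = [parse_caa(line) for line in rrset]
    understood = {"issue", "issuewild", "iodef"}
    # The critical bit (128) on a tag the CA does not understand forbids issuance.
    if any(r["flags"] & 128 and r["tag"] not in understood for r in records):
        return False
    issue = [r["issuer"] for r in records if r["tag"] == "issue"]
    issuewild = [r["issuer"] for r in records if r["tag"] == "issuewild"]
    # Wildcard requests use issuewild when present, otherwise fall back to issue.
    relevant = issuewild if (wildcard and issuewild) else issue
    if not relevant:
        return True  # no issue/issuewild restriction applies to this request
    return ca_domain.lower() in relevant

# Constructed sample RRsets for illustration.
GOOD = ['example.com. 300 IN CAA 0 issue "letsencrypt.org"']
TYPO = ['example.com. 300 IN CAA 0 issue "letsencrpyt.org"']   # misspelled CA name
NO_WILDCARDS = GOOD + ['example.com. 300 IN CAA 0 issuewild ";"']

if __name__ == "__main__":
    for label, rrset in [("good", GOOD), ("typo", TYPO), ("no-wildcards", NO_WILDCARDS)]:
        print(label,
              "normal:", ca_may_issue(rrset, "letsencrypt.org"),
              "wildcard:", ca_may_issue(rrset, "letsencrypt.org", wildcard=True))
```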