Menu

How to add DNS CAA record to a DNS zone file

Jul 12, 2020

How to add DNS CAA record to a DNS zone file

Introduction

This article will provide the guidelines in adding a Certification Authority Authorization (CAA) record to your DNS zone file. If this is not the solution you are looking for, please search for your solution in the search bar above. Note: If you have any issues or questions whether CAA is supported with your setup, contact your DNS manager for further details. 

Prerequisites

Firstly, you must know which syntax type to use when configuring your DNS zone file depending on your DNS product type. Please refer to the table below: 

Syntax Type


DNS Product


Example

Standard BIND
(RFC 6844)

BIND (version 9.9.6 and higher)
Knot DNS (version 2.2.0 and higher)
NSD (version 4.0.1 and higher)
PowerDNS (version 4.0.0 and higher)




example.com.       CAA       0 issue "globalsign.com"

Legacy BIND
(RFC 3597)

BIND (any version prior to BIND 9.9.6)
NSD (any version prior to NSD 4.0.1)


example.com. IN TYPE257 \#21 00056973737565676C6F62616C7369676E2E636F6D 

Generic

Google Cloud DNS
DNSimple

0 issue "globalsign.com"

Guidelines

  1. Open your domain's DNS zone file in a notepad. Note: You can find your DNS records on the machine where your domain is registered. 
  2. Configure the file to include your desired CA(s) in your DNS CAA record. You can check the table above for your reference. Note: You can add more than one CA in a DNS CAA record, as adding only one CA will limit issuance of SSL/TLS certificates on that domain to just that CA. 
  3. Save your zone file and close the notepad. 

References

1. Ballot 187 - Make CAA Checking Mandatory
2. DNS Certification Authority Authorization (CAA) Resource Code
3. Handling of Unknown DNS Resource Record (RR) Types

Related Articles

DomainSSL Overview

Feb 28, 2020, 7:27 AM

An Overview of DomainSSL As one of the most popular SSL Certificates on the web, DomainSSL is one of the fastest and most affordable ways to activate strong SSL protection for your website. DomainSSL is fully automated which means you'll be able to start protecting your ecommerce, logins, webmail and more in just a few minutes, 24/7. keywords: domain ssl overview, domain ssl certificates, dv ssl certificates, dvssl, dv, ssl, domain overview

Read More

OrganizationSSL Overview

Mar 2, 2020, 7:38 AM

High assurance OrganizationSSL Certificates provide instant identity confirmation and strong SSL protection for your website. Your customers see that GlobalSign has authenticated your identity - strengthening their trust that they're doing business with the right people.

Read More

How to add DNS CAA record in a hosted DNS

Mar 8, 2020, 3:46 PM

This article will provide the guidelines in adding a Certification Authority Authorization (CAA) record in a hosted DNS. If this is not the solution you are looking for, please search for your solution in the search bar above. Note: If you have any issues or questions whether CAA is supported with your setup, contact your DNS manager for further details.

Read More

GlobalSign System Alerts

View recent system alerts.

View Alerts

Atlas Discovery

Scan your endpoints to locate all of your Certificates.

Sign Up

SSL Configuration Test

Check your certificate installation for SSL issues and vulnerabilities.

Contact Support