How to add DNS CAA record to a DNS zone file

Jul 12, 2020

How to add DNS CAA record to a DNS zone file


This article will provide the guidelines in adding a Certification Authority Authorization (CAA) record to your DNS zone file. If this is not the solution you are looking for, please search for your solution in the search bar above. Note: If you have any issues or questions whether CAA is supported with your setup, contact your DNS manager for further details. 


Firstly, you must know which syntax type to use when configuring your DNS zone file depending on your DNS product type. Please refer to the table below: 

Syntax Type

DNS Product


Standard BIND
(RFC 6844)

BIND (version 9.9.6 and higher)
Knot DNS (version 2.2.0 and higher)
NSD (version 4.0.1 and higher)
PowerDNS (version 4.0.0 and higher)       CAA       0 issue ""

Legacy BIND
(RFC 3597)

BIND (any version prior to BIND 9.9.6)
NSD (any version prior to NSD 4.0.1) IN TYPE257 \#21 00056973737565676C6F62616C7369676E2E636F6D 


Google Cloud DNS

0 issue ""


  1. Open your domain's DNS zone file in a notepad. Note: You can find your DNS records on the machine where your domain is registered. 
  2. Configure the file to include your desired CA(s) in your DNS CAA record. You can check the table above for your reference. Note: You can add more than one CA in a DNS CAA record, as adding only one CA will limit issuance of SSL/TLS certificates on that domain to just that CA. 
  3. Save your zone file and close the notepad. 


1. Ballot 187 - Make CAA Checking Mandatory
2. DNS Certification Authority Authorization (CAA) Resource Code
3. Handling of Unknown DNS Resource Record (RR) Types

Related Articles

GlobalSign System Alerts

View recent system alerts.

View Alerts

Atlas Discovery

Scan your endpoints to locate all of your Certificates.

Sign Up

SSL Configuration Test

Check your certificate installation for SSL issues and vulnerabilities.

Contact Support