
CAA DNS record: why do I need it and how do I use it?

CAA (Certification Authority Authorization) is a new type of DNS record designed to identify certification authorities that are allowed to issue SSL/TLS certificates for a specific domain name or subdomain.



The largest and most popular certificate authorities agreed that, starting from September 8, 2017, they must strictly follow the instructions specified in the CAA records of the domain name or subdomain for which a certificate is requested.



Using CAA records will increase the level of security on the Internet and reduce cases of certificates being obtained without authorization for third-party domain names.


I have prepared detailed instructions that explain what CAA records can do and the format for using them.



Record format:



CAA <flags> <tag> <value>


The value of a CAA record consists of three parts, separated by a space:



flag



The flag value is an 8-bit number, the most significant bit of which indicates whether it is critical that the certification authority understands the record. The following values are currently valid:





tag



The tag value can be one of the following values:





value



The content of value depends on the tag and must be enclosed in double quotes ( "" ).



Some certificate authorities allow you to use additional parameters in value. In this case, the parameters must be separated by a semicolon ( ; ).



Example: 0 issue "comodoca.com; account=12345"
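
The format described above, as an added example that is not part of the original article: a small Python parser for the `<flags> <tag> "<value>"` form that reads the critical bit and the semicolon-separated parameters, then checks whether a CA is permitted by a record set. The tag set and the issuance rules follow RFC 8659; the function names and the sample records are constructed for illustration.

```python
import re

# Tags from RFC 8659 (assumption: the article's own tag list is not shown above).
KNOWN_TAGS = {"issue", "issuewild", "iodef"}
RDATA = re.compile(r'^\s*(\d+)\s+([A-Za-z0-9]+)\s+"(.*)"\s*$')


def parse_caa(rdata):
    """Parse '<flags> <tag> "<value>"' into a dict."""
    m = RDATA.match(rdata)
    if not m:
        raise ValueError(f"not a CAA record: {rdata!r}")
    flags, tag, value = int(m.group(1)), m.group(2).lower(), m.group(3)
    if flags > 255:
        raise ValueError("flags must fit in 8 bits")
    # The most significant bit (0x80) is the "critical" flag.
    rec = {"critical": bool(flags & 0x80), "tag": tag, "value": value}
    if tag in ("issue", "issuewild"):
        # "<CA domain>; name=value; ..." where the parameters are CA-specific.
        parts = [p.strip() for p in value.split(";")]
        rec["issuer"] = parts[0].lower()
        rec["params"] = {k.strip(): v.strip() for k, v in
                         (p.split("=", 1) for p in parts[1:] if "=" in p)}
    return rec


def ca_may_issue(rdatas, ca_domain):
    """Decide whether ca_domain may issue for a non-wildcard name."""
    records = [parse_caa(r) for r in rdatas]
    for rec in records:
        # A CA must refuse if it does not understand a critical record.
        if rec["critical"] and rec["tag"] not in KNOWN_TAGS:
            return False, f"critical record with unknown tag {rec['tag']!r}"
    issuers = [r["issuer"] for r in records if r["tag"] == "issue"]
    if not issuers:
        return True, "no issue records, so issuance is not restricted"
    if ca_domain.lower() in issuers:
        return True, "listed in an issue record"
    return False, "not listed in any issue record"


# Constructed sample record set for example.com.
SAMPLE = ['0 issue "comodoca.com; account=12345"',
          '0 iodef "mailto:security@example.com"']

if __name__ == "__main__":
    for ca in ("comodoca.com", "letsencrypt.org"):
        print(ca, ca_may_issue(SAMPLE, ca))
```

An `issue` record whose value is just ";" names no CA at all, so the check refuses every issuer for that name.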




Features:





How to check?

dig example.com caa


Who supports it?



Not all DNS providers support CAA records. The current list as of August 30, 2017, in alphabetical order:



Afraid.org Free DNS

Amazon Route 53

BuddyNS

Cloudflare

ClouDNS

Constellix DNS

DNSimple

DNS Made Easy

Dyn Managed DNS

Domeneshop

Google Cloud DNS

Gandi

Hurricane Electric Free DNS

Neustar UltraDNS

NS1

Zilore



Online generators?



You can use this or this online generator to correctly and quickly create the necessary CAA records.

Source: https://habr.com/ru/post/336738/


