whatsmydns.net - DNS Propagation Checker

CAA records for icann.org:

Record Type Flag Tag Value TTL
icann.org CAA 0 issuewild "letsencrypt.org" 600
icann.org CAA 0 issue "letsencrypt.org" 600
icann.org CAA 0 issuewild "amazon.com" 600
icann.org CAA 0 issuemail "sectigo.com" 600
icann.org CAA 0 issue "pki.goog" 600
icann.org CAA 0 issue "amazon.com" 600
icann.org CAA 0 issue "sectigo.com" 600
icann.org CAA 0 iodef "mailto:[email protected]" 600
icann.org CAA 0 issue "godaddy.com" 600
icann.org CAA 0 issuewild "sectigo.com" 600
id 23202, opcode QUERY, rcode NOERROR, flags QR RD RA
;QUESTION
icann.org. IN CAA
;ANSWER
icann.org. 600 IN CAA 0 issuewild "letsencrypt.org"
icann.org. 600 IN CAA 0 issue "letsencrypt.org"
icann.org. 600 IN CAA 0 issuewild "amazon.com"
icann.org. 600 IN CAA 0 issuemail "sectigo.com"
icann.org. 600 IN CAA 0 issue "pki.goog"
icann.org. 600 IN CAA 0 issue "amazon.com"
icann.org. 600 IN CAA 0 issue "sectigo.com"
icann.org. 600 IN CAA 0 iodef "mailto:[email protected]"
icann.org. 600 IN CAA 0 issue "godaddy.com"
icann.org. 600 IN CAA 0 issuewild "sectigo.com"
;AUTHORITY
;ADDITIONAL

Show results globally →

CAA Record Lookup

whatsmydns.net CAA Record Lookup tool lets you query DNS servers and get instant results.

Certification Authority Authorization or CAA lookups are used to determine the CAA records associated with a domain.

Looking for easier to understand results? Use the Global DNS Checker tool.

DNS CAA Record

CAA records, or Certificate Authority Authorization records are used to specify which Certificate Authorities (CA's) are allowed to issue certificates for a domain

Example CAA record

An example CAA record may look like the following:

Domain Type Flag Tag Value TTL
example.com CAA 0 issue "certificateauthority.com" 3600

example.com represents domain that the record is for.

CAA is the record type.

0 is the record flag. Currently the only supported value for the flag is 0, but is defined to allow for future expansion.

issue is the record tag. Available tags for CAA records are: issue, issuewild and iodef

"certificateauthority.com" is the value of the record. This defines that only this certificate authority is allowed to issue certificates for this domain name.

3600 is the TTL (time to live) of the record in seconds, this example represents 1 hour. This means that when a record has had updates made to it, then it will take 1 hour to update.