CAA records for msn.com:
Record | Type | Flag | Tag | Value | TTL |
---|---|---|---|---|---|
msn.com | CAA | 0 | issue | "globalsign.com" | 3600 |
msn.com | CAA | 0 | issue | "microsoft.com" | 3600 |
msn.com | CAA | 0 | contactemail | "[email protected]" | 3600 |
msn.com | CAA | 0 | issue | "digicert.com" | 3600 |
id 12120, opcode QUERY, rcode NOERROR, flags QR RD RA ;QUESTION msn.com. IN CAA ;ANSWER msn.com. 3600 IN CAA 0 issue "globalsign.com" msn.com. 3600 IN CAA 0 issue "microsoft.com" msn.com. 3600 IN CAA 0 contactemail "[email protected]" msn.com. 3600 IN CAA 0 issue "digicert.com" ;AUTHORITY ;ADDITIONAL
whatsmydns.net CAA Record Lookup tool lets you query DNS servers and get instant results.
Certification Authority Authorization or CAA lookups are used to determine the CAA records associated with a domain.
Looking for easier to understand results? Use the Global DNS Checker tool.
CAA records, or Certificate Authority Authorization records are used to specify which Certificate Authorities (CA's) are allowed to issue certificates for a domain
An example CAA record may look like the following:
Domain | Type | Flag | Tag | Value | TTL |
---|---|---|---|---|---|
example.com | CAA | 0 | issue | "certificateauthority.com" | 3600 |
example.com
represents domain that the record is for.
CAA
is the record type.
0
is the record flag. Currently the only supported value for the flag is 0
, but is defined to allow for future expansion.
issue
is the record tag. Available tags for CAA records are: issue
, issuewild
and iodef
"certificateauthority.com"
is the value of the record. This defines that only this certificate authority is allowed to issue certificates for this domain name.
3600
is the TTL (time to live) of the record in seconds, this example represents 1 hour. This means that when a record has had updates made to it, then it will take 1 hour to update.