whatsmydns.net - DNS Propagation Checker
  1. What's My DNS?
  2. DNS Records
  3. CAA Records

DNS CAA Record

CAA records, or Certificate Authority Authorization records are used to specify which Certificate Authorities (CA's) are allowed to issue certificates for a domain

Example CAA record

An example CAA record may look like the following:

Domain Type Flag Tag Value TTL
example.com CAA 0 issue "certificateauthority.com" 3600

example.com represents domain that the record is for.

CAA is the record type.

0 is the record flag. Currently the only supported value for the flag is 0, but is defined to allow for future expansion.

issue is the record tag. Available tags for CAA records are: issue, issuewild and iodef

"certificateauthority.com" is the value of the record. This defines that only this certificate authority is allowed to issue certificates for this domain name.

3600 is the TTL (time to live) of the record in seconds, this example represents 1 hour. This means that when a record has had updates made to it, then it will take 1 hour to update.

How to check CAA records?

Use the CAA Record Lookup tool to check a domain name's CAA records.

Use the DNS Lookup tool to check all DNS record types.

Use the Global DNS Checker tool to check DNS records from all around the world.