CAA

(2018-10-16)

Problem

What is a CAA record?

Solution

A CAA record is a DNS record that indicates which certificate authorities are permitted to issue SSL certificates for a domain.

Information.

BIND entry:

xdroop.com.  IN CAA 128 issue "letsencrypt.org"

In action:

# dig @n1 caa xdroop.com

; <<>> DiG 9.9.4-RedHat-9.9.4-61.el7_5.1 <<>> @n1 caa xdroop.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49189
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 4

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;xdroop.com.                    IN      CAA

;; ANSWER SECTION:
xdroop.com.             900     IN      CAA     128 issue "letsencrypt.org"

;; AUTHORITY SECTION:
xdroop.com.             900     IN      NS      n2.gridway.net.
xdroop.com.             900     IN      NS      n3.gridway.net.
xdroop.com.             900     IN      NS      n1.gridway.net.

;; ADDITIONAL SECTION:
n1.gridway.net.         300     IN      A       139.60.168.90
n2.gridway.net.         300     IN      A       72.142.112.27
n3.gridway.net.         300     IN      A       207.236.146.3

;; Query time: 0 msec
;; SERVER: 139.60.168.90#53(139.60.168.90)
;; WHEN: Tue Oct 16 12:24:25 EDT 2018
;; MSG SIZE  rcvd: 183
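
The record above has three fields: a flags octet (128 sets the issuer-critical bit), a property tag (issue) and a value (the CA's domain). The following Python is an added example, not part of the original note: it parses that presentation format and applies the RFC 8659 issuance rules. The function names are hypothetical, and it assumes the relevant record set has already been fetched.

```python
import re

# RDATA in presentation format, as BIND zone files and dig print it:
#   <flags> <tag> "<value>"
_CAA_RE = re.compile(r'^\s*(\d{1,3})\s+([A-Za-z0-9]+)\s+"(.*)"\s*$')
KNOWN_TAGS = {"issue", "issuewild", "iodef"}


def parse_caa(rdata):
    """Parse one CAA RDATA string into (critical, tag, value)."""
    m = _CAA_RE.match(rdata)
    if not m or int(m.group(1)) > 255:
        raise ValueError("not a valid CAA record: %r" % rdata)
    # The high bit of the flags octet (value 128) is "issuer critical".
    critical = bool(int(m.group(1)) & 0x80)
    return critical, m.group(2).lower(), m.group(3)


def issuer_domain(value):
    """CA domain from an issue/issuewild value, without any parameters."""
    return value.split(";", 1)[0].strip().lower()


def ca_permitted(rdatas, ca, wildcard=False):
    """True if CA domain `ca` may issue under this CAA record set.

    Assumption: `rdatas` is the relevant record set for the name, already
    looked up by the caller (no DNS queries or parent-zone walk here).
    """
    records = [parse_caa(r) for r in rdatas]
    # A critical property with an unrecognised tag forbids issuance.
    if any(crit and tag not in KNOWN_TAGS for crit, tag, _ in records):
        return False
    issue = [issuer_domain(v) for _, t, v in records if t == "issue"]
    wild = [issuer_domain(v) for _, t, v in records if t == "issuewild"]
    # For wildcard names issuewild replaces issue when it is present.
    relevant = wild if (wildcard and wild) else issue
    if not relevant:
        return True  # nothing in the set restricts issuance
    return ca.lower() in relevant


# PAGE_RRSET is the record from this page; the other two are constructed.
PAGE_RRSET = ['128 issue "letsencrypt.org"']
DENY_ALL = ['0 issue ";"']
NO_WILDCARDS = ['0 issue "letsencrypt.org"', '0 issuewild ";"']

if __name__ == "__main__":
    for ca in ("letsencrypt.org", "ca.example"):
        print(ca, ca_permitted(PAGE_RRSET, ca))
```

Feeding it the lines printed by `dig +short caa <domain>` gives a quick audit of which CAs a zone currently authorizes.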