CAA
(2018-10-16)
Problem
What is a CAA record?
Solution
A CAA record is a DNS record that indicates which certificate authorities (CAs) are permitted to issue SSL certs for a domain.
BIND entry:
xdroop.com. IN CAA 128 issue "letsencrypt.org"
In action:
# dig @n1 caa xdroop.com
; <<>> DiG 9.9.4-RedHat-9.9.4-61.el7_5.1 <<>> @n1 caa xdroop.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49189
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 4
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;xdroop.com. IN CAA
;; ANSWER SECTION:
xdroop.com. 900 IN CAA 128 issue "letsencrypt.org"
;; AUTHORITY SECTION:
xdroop.com. 900 IN NS n2.gridway.net.
xdroop.com. 900 IN NS n3.gridway.net.
xdroop.com. 900 IN NS n1.gridway.net.
;; ADDITIONAL SECTION:
n1.gridway.net. 300 IN A 139.60.168.90
n2.gridway.net. 300 IN A 72.142.112.27
n3.gridway.net. 300 IN A 207.236.146.3
;; Query time: 0 msec
;; SERVER: 139.60.168.90#53(139.60.168.90)
;; WHEN: Tue Oct 16 12:24:25 EDT 2018
;; MSG SIZE rcvd: 183
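How a CA would evaluate a record like the one above, as an added Python example (not part of the original note). It assumes the RRset passed in is already the relevant one for the name (no climbing toward the parent zone); the function names and the `example.test` records are constructed for illustration.

```python
import shlex

CRITICAL = 0x80  # Issuer Critical bit; the flags value 128 in the page's record
KNOWN_TAGS = {"issue", "issuewild", "iodef"}

def parse_caa(line):
    """Parse a presentation-format CAA line (zone-file entry or dig answer line)."""
    fields = shlex.split(line)          # shlex strips the quotes around the value
    i = fields.index("CAA")             # skips owner, optional TTL and class
    return int(fields[i + 1]), fields[i + 2].lower(), fields[i + 3]

def may_issue(rrset_lines, ca_domain, wildcard=False):
    """Return True if ca_domain may issue for the name owning this CAA RRset."""
    records = [parse_caa(line) for line in rrset_lines]
    # A critical property the CA does not understand forbids issuance outright.
    if any(flags & CRITICAL and tag not in KNOWN_TAGS for flags, tag, _ in records):
        return False
    issue = [v for _, tag, v in records if tag == "issue"]
    issuewild = [v for _, tag, v in records if tag == "issuewild"]
    # For wildcard requests, issuewild (when present) replaces issue.
    relevant = issuewild if (wildcard and issuewild) else issue
    if not relevant:
        return True                     # nothing in the RRset restricts issuance
    # Value is "<issuer-domain>[; parameters]"; a bare ";" names no issuer at all.
    issuers = {v.split(";", 1)[0].strip().lower() for v in relevant} - {""}
    return ca_domain.lower() in issuers

if __name__ == "__main__":
    # The record from the page, as it appears in the dig answer section.
    page_rrset = ['xdroop.com. 900 IN CAA 128 issue "letsencrypt.org"']
    # Constructed sample: forbid all issuance.
    deny_all = ['example.test. IN CAA 0 issue ";"']
    for ca in ("letsencrypt.org", "other-ca.example"):
        print(ca, "page record ->", may_issue(page_rrset, ca))
    print("deny-all record ->", may_issue(deny_all, "letsencrypt.org"))
```

With the page's record, any CA other than letsencrypt.org is refused, and the same answer applies to wildcard requests because no `issuewild` property is published.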