DEV Community

Pavol Z. Kutaj
Pavol Z. Kutaj

Posted on

Explaining CAA DNS Record

The aim of this page is to explain Certificate Authority Authorization (CAA) DNS records and how they function. Why? Because I am having an issue creating a TLS cert with Traefik as the CAA record of the vendor is not listing Let's Encrypt as an allowed Certificate Authority.

  • CAA records authorize specific Certificate Authorities (CAs) to issue SSL/TLS certificates for a domain.
  • Enhances security by preventing unauthorized CAs from issuing certificates.
  • Contains fields: Flags, Tag, and Value.
  • Flags: Integer value, typically 0.
  • Tag: Specifies the type of policy, e.g., issue, issuewild, iodef.
  • Value: Domain of the authorized CA.
  • Real-world example:
doggo CAA google.com
NAME        TYPE    CLASS   TTL     ADDRESS             NAMESERVER
google.com. CAA     IN      9550s   0 issue "pki.goog"  8.8.8.8:53  
Enter fullscreen mode Exit fullscreen mode
  • The record type is Defined in RFC 8659.

LINKS

Postmark Image

Speedy emails, satisfied customers

Are delayed transactional emails costing you user satisfaction? Postmark delivers your emails almost instantly, keeping your customers happy and connected.

Sign up

Top comments (0)

Billboard image

The Next Generation Developer Platform

Coherence is the first Platform-as-a-Service you can control. Unlike "black-box" platforms that are opinionated about the infra you can deploy, Coherence is powered by CNC, the open-source IaC framework, which offers limitless customization.

Learn more

👋 Kindness is contagious

Immerse yourself in a wealth of knowledge with this piece, supported by the inclusive DEV Community—every developer, no matter where they are in their journey, is invited to contribute to our collective wisdom.

A simple “thank you” goes a long way—express your gratitude below in the comments!

Gathering insights enriches our journey on DEV and fortifies our community ties. Did you find this article valuable? Taking a moment to thank the author can have a significant impact.

Okay