DNS - new record CAA CAA (Certificate Authority Authorization)

Today I would like to mention taht since January 2013 (RFC 6844) it was defined a new DNS entry.

This entry it permit to define a Certification Authorities (CAs) authorized to grant certificates for specific domain.

This DNS entry it permit to avoid to have released certificates from not approved CA.

You can use this web link to test if a specific domain has already configured a specific CAA Record:


From 8th September 2017 it has been decided (ballot 187) that CAA checks are mandatory during CA certification releasing process.

[original article: https://www.devadmin.it/2017/11/27/dns-caa-resource-record/]