Skip to content

DEV Community

Pavol Z. Kutaj

Posted on Nov 4

Explaining CAA DNS Record

#dns

The aim of this page is to explain Certificate Authority Authorization (CAA) DNS records and how they function. Why? Because I am having an issue creating a TLS cert with Traefik as the CAA record of the vendor is not listing Let's Encrypt as an allowed Certificate Authority.

CAA records authorize specific Certificate Authorities (CAs) to issue SSL/TLS certificates for a domain.
Enhances security by preventing unauthorized CAs from issuing certificates.
Contains fields: Flags, Tag, and Value.
Flags: Integer value, typically 0.
Tag: Specifies the type of policy, e.g., issue, issuewild, iodef.
Value: Domain of the authorized CA.
Real-world example:

doggo CAA google.com
NAME        TYPE    CLASS   TTL     ADDRESS             NAMESERVER
google.com. CAA     IN      9550s   0 issue "pki.goog"  8.8.8.8:53

The record type is Defined in RFC 8659.

LINKS

https://tools.ietf.org/html/rfc8659

Top comments (0)

Subscribe

Read next

Choosing the Perfect App Development Approach in 2024: Native, Hybrid, or Cross-Platform?

Birdmorning Solutions Pvt. Ltd - Nov 21

ModuleNotFoundError in FastAPI Project When Running Pytest

Juan Jose Pardo - Nov 21

🚀 快速、智能、高效的现代端口扫描器 — RustScan

lin dong - Nov 21

Windows VPS for Remote Desktop Access from Mac: A Detailed Guide

David Jonson - Nov 21

Just a public interface of my current learning. The focus is on everything from vim to cloud. Imperfect. Impersonal. Never too far from the terminal.

Location

Brno, Czech Republic
Education

Central Europe University / MA at Modern History
Work

Senior Support Engineering at Snowplow Analytics
Joined

Jan 26, 2021

#jokes #discuss #watercooler

Notpad: Reinventing the Ordinary Notepad Experience with Svelte, Shadcn, and Tauri ✨📝🚀

#svelte #javascript #opensource #productivity

11 Practical Ways to Bring Side Income as a Developer 💰

#programming #beginners #opensource #productivity