CAA Record

Overview

This document describes how to a CAA record. If you want to authorize a designated CA to issue an SSL certificate for your domain name so as to prevent mistaken SSL certificate issuance, you need to add a CAA record.

Directions

1. Log in to the DNSPod Console.
2. In "My Domains", click the domain for which to add a CAA record to enter its "Record Management" page as shown below:

1. Click Add Records and enter the following record information as shown below:

Host: enter a subdomain. For example, when adding a record for www.dnspod.com, you can simply enter "www" in the "Host" field. If you only want to add a record for dnspod.com, select "@" in the "Host" field.
Type: select "CAA".

• Split Zone: select "Default"; otherwise, certain CAs may not be able to conduct verification.
  Value:
  The format of a CAA record is [flag] [tag] [value], which consists of a flag byte [flag] and a [tag] -[value] (tag-value) pair called an attribute. You can add multiple CAA fields to the DNS record of the domain.

tag field description:

• issue: authorizes a single CA to issue certificates of any type for the host name.
• issuewild: authorizes a single CA to issue wildcard certificates for the host name.
• iodef: the CA can send the URLs of issuance records in violation to a certain email address.

Weight: leave it empty.
MX: leave it empty.
TTL: it is the cache time and 600s by default. The smaller the value, the faster the change to the record will take effect in various regions.

1. Click Confirm.