Overview
This document describes how to add a CAA record. If you want to authorize a designated CA to issue SSL certificates for your domain name and so prevent mistaken SSL certificate issuance, you need to add a CAA record.
Directions
Note:
If anything goes wrong during this process, please contact us.
2. On the Authoritative Resolution page, click the domain for which to add a CAA record to enter its "Record Management" page.
3. Click Add Records and enter the following record information:
Host Record: enter a subdomain. For example, when adding a record for www.dnspod.com, you can simply enter "www" in the "Host" field. If you only want to add a record for dnspod.com, select "@" in the "Host" field.
Record Type: select "CAA".
Line Type: select "Default"; otherwise, certain CAs may not be able to conduct verification.
Record Value:
The format of a CAA record is [flag] [tag] [value], which consists of a flag byte [flag] and a [tag]-[value] (tag-value) pair called an attribute. You can add multiple CAA fields to the DNS record of the domain.

| Field | Option | Description |
|---|---|---|
| flag | - | An unsigned integer between 0 and 255, which is used to identify the CA. It is 0 by default, indicating that if the CA issuing the certificate cannot recognize this information, it will be ignored. |
| tag | issue | Authorizes a single CA to issue certificates of any type for the host name. |
| | issuewild | Authorizes a single CA to issue wildcard certificates for the host name. |
| | iodef | The CA can send the URLs of issuance records in violation to a certain email address. |
| value | - | CA's domain or email address used for notification of violations. |

Weight: leave it empty.
Priority: leave it empty.
TTL: the cache time, 600s by default. The smaller the value, the faster a change to the record takes effect in various regions.
4. Click Confirm.
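
The [flag] [tag] [value] format from step 3, as an added example that is not DNSPod's own code: a Python check that validates record values before you enter them and reports whether a given CA would be authorized by the resulting record set. It applies the RFC 8659 rule that issuewild records, when present, replace issue records for wildcard requests; the CA names `ca-one.example` and `ca-two.example` and the sample records are constructed.

```python
import shlex

KNOWN_TAGS = {"issue", "issuewild", "iodef"}  # the three tags in the table above

# Constructed sample record values, written as they would be typed into "Record Value".
SAMPLE = [
    '0 issue "ca-one.example"',
    '0 issuewild "ca-two.example"',
    '0 iodef "mailto:security@example.com"',
]

def parse_caa(record_value):
    """Split '[flag] [tag] [value]' and validate each field."""
    parts = shlex.split(record_value)  # also strips the quotes around the value
    if len(parts) != 3:
        raise ValueError(f"expected '[flag] [tag] [value]': {record_value!r}")
    flag_text, tag, value = parts
    if not (flag_text.isascii() and flag_text.isdigit()) or int(flag_text) > 255:
        raise ValueError(f"flag must be an integer between 0 and 255: {flag_text!r}")
    tag = tag.lower()
    if tag not in KNOWN_TAGS:
        raise ValueError(f"unknown tag: {tag!r}")
    return int(flag_text), tag, value

def ca_may_issue(record_values, ca_domain, wildcard=False):
    """Return True if the record set lets ca_domain issue (wildcard or not)."""
    records = [parse_caa(v) for v in record_values]
    issue = [v for _, t, v in records if t == "issue"]
    issuewild = [v for _, t, v in records if t == "issuewild"]
    # Wildcard requests use issuewild when any exists, otherwise fall back to issue.
    # Non-wildcard requests look at issue only.
    relevant = issuewild if (wildcard and issuewild) else issue
    if not relevant:
        return True  # no applicable record means no restriction on issuance
    # Parameters after ';' are ignored here; a bare ";" value authorizes no CA.
    allowed = {v.split(";", 1)[0].strip().lower() for v in relevant}
    return ca_domain.lower() in allowed

if __name__ == "__main__":
    for ca in ("ca-one.example", "ca-two.example"):
        for wc in (False, True):
            print(ca, "wildcard" if wc else "standard", ca_may_issue(SAMPLE, ca, wc))
```

With the sample set, `ca-one.example` is authorized for standard certificates only and `ca-two.example` for wildcard certificates only, which is easy to get wrong when both tags are present.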