How to check CAA record?

At any time, we can send query to the DNS server of any domain whether the DNS entries of the checked domain contain CAA records. Depending on the entries added, we may receive different values. We will use the command for this purpose dig

In case a CAA record has been added:

dig mydomain.com caa

; <<>> DiG 9.10.6 <<>> mydomain.com caa
;; global options: +cmd
;; Got answer:
;; ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52212
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;mydomain.com. IN CAA

;; ANSWER SECTION:
mydomain.com. 300 IN CAA 0 issuewild “comodoca.com”
mydomain.com. 300 IN CAA 0 issuewild “certum.pl”
mydomain.com. 300 IN CAA 0 issue “comodoca.com”
mydomain.com. 300 IN CAA 0 issue “certum.pl”

;; Query time: 27 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Sat Sep 08 20:14:16 CEST 2018
;; MSG SIZE rcvd: 169

In the above example, a CAA record appears and concerns the ability to generate SSL certificates by two issuers: Comodo and Certum.

If the domain does not have CAA records defined when sending the query, we will receive:


dig mydomain.com caa

; <<>> DiG 9.10.6 <<>> mojadomena.pl CAA mydomain.com CAA
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14665
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;mydomain.com. IN CAA

;; AUTHORITY SECTION:
mydomain.com. 1800 IN SOA ns1.mydomain.com. hostmaster.mydomain.com. 2018031501 12400 3400 1203400 80400

;; Query time: 20 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Sat Sep 08 20:27:57 CEST 2018
;; MSG SIZE rcvd: 91

 

In this case, we do not have an ANSWER SECTION, which means that there are no CAA records and hence there is no response in this respect from the queried DNS server.

Last Update: 03/08/2024  

03/08/2024 85 hexssl_admin  Technical Info  
Total 0 Votes:
0

Tell us how can we improve this post?

+ = Verify Human or Spambot ?

Add A Knowledge Base Question !

You will receive an email when your question will be answered.

+ = Verify Human or Spambot ?

SHARE THIS POST

Add A Knowledge Base Question !

You will receive an email when your question will be answered.

+ = Verify Human or Spambot ?