How to check CAA record?

Home
LEI Codes
SSL Certificates
- Domain Validation (DV) SSL
  Quick and convenient way to secure your website with an ssl certificate in a few minutes. No paperwork.
  More Details
- Organization Validation (OV) SSL
  OV SSL certificates are intended to protect companies and organizations websites. Company details are visible in OV certificate.
  More Details
- Extended Validation (EV) SSL
  The highest security level. Company details are visible in EV SSL certificate. EV certificate display green browser address bar and company name.
  More Details
- Wildcard SSL
  Secure unlimited subdomains and main domain with just one ssl certificate. There is no limits for servers or subdomains to protect.
  More Details
- Multi-Domain SAN/UCC SSL
  Secure multiple domains with one ssl certificate. With Multi-Domain SAN/UCC SSL certificate you can secure up to 1000 domains.
  More Details
- S/MIME SSL
  Secure your e-mails and documents. Signed e-mails will maintain full integrity and certainty that content has not been modified by third parties.
  More Details
- Code Signing SSL
  Certificates to digitally sign you software to assure your customers that your software is from trusted source without modifications by third parties.
  More Details
- Free SSL
  Free SSL certificates are good if you plan to test SSL certificate or you need certificate for development purpose.
  More Details
SSL Brands
- Sectigo SSL Certificates
  Sectigo SSL certificates (formerly Comodo CA) are the fastest and most cost-effective way to secure online transactions.
  More Details
- Certum SSL Certificates
  Certum is the largest SSL certificates vendor in Poland. Experience and high level of security guarantees the highest class SSL certificates.
  More Details
- RapidSSL SSL Certificates
  RapidSSL is a trusted and well-known brand that puts high security and speed of SSL certificate activation.
  More Details
- DigiCert SSL Certificates
  DigiCert secures the websites, data, and applications of the world’s top companies. DigiCert delivers the highest security standards to protect your business.
  More Details
- Thawte SSL Certificates
  The combination of Thawte SSL certificates and uncompromised infrastructure and world-class customer service make Thawte good choice for online protection.
  More Details
- GeoTrust SSL Certificates
  GeoTrust is one of the oldest and proven SSL certificates vendor. World class SSL certificates are the highest security guarantees for your online business regardless of its size.
  More Details
About Us
Blog
Contact
polish

How to check CAA record?

03/08/2024

At any time, we can send query to the DNS server of any domain whether the DNS entries of the checked domain contain CAA records. Depending on the entries added, we may receive different values. We will use the command for this purpose dig

In case a CAA record has been added:

dig mydomain.com caa

; <<>> DiG 9.10.6 <<>> mydomain.com caa
;; global options: +cmd
;; Got answer:
;; ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52212
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;mydomain.com. IN CAA

;; ANSWER SECTION:
mydomain.com. 300 IN CAA 0 issuewild “comodoca.com”
mydomain.com. 300 IN CAA 0 issuewild “certum.pl”
mydomain.com. 300 IN CAA 0 issue “comodoca.com”
mydomain.com. 300 IN CAA 0 issue “certum.pl”

;; Query time: 27 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Sat Sep 08 20:14:16 CEST 2018
;; MSG SIZE rcvd: 169

In the above example, a CAA record appears and concerns the ability to generate SSL certificates by two issuers: Comodo and Certum.

If the domain does not have CAA records defined when sending the query, we will receive:

dig mydomain.com caa

; <<>> DiG 9.10.6 <<>> mojadomena.pl CAA mydomain.com CAA
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14665
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;mydomain.com. IN CAA

;; AUTHORITY SECTION:
mydomain.com. 1800 IN SOA ns1.mydomain.com. hostmaster.mydomain.com. 2018031501 12400 3400 1203400 80400

;; Query time: 20 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Sat Sep 08 20:27:57 CEST 2018
;; MSG SIZE rcvd: 91

In this case, we do not have an ANSWER SECTION, which means that there are no CAA records and hence there is no response in this respect from the queried DNS server.

Last Update: 03/08/2024

03/08/2024 61 hexssl_admin Technical Info Caa

Total 0 Votes:

Tell us how can we improve this post?

Captcha: + = Verify Human or Spambot ?

Add A Knowledge Base Question !

Question Title:

Category:

Your Email: You will receive an email when your question will be answered.

Captcha: + = Verify Human or Spambot ?

How to check CAA record?

Tell us how can we improve this post?

Related Knowledge Base Posts -

Add A Knowledge Base Question !

Add A Knowledge Base Question !