Create CAA record Create CAA record

Dynu gives you full control over all the DNS configurations for your domain names. You can log onto the control panel to manage your DNS records.

What is a CAA record?

CAA record is a type of DNS record that allows domain owners to specify which Certificate Authorities (CAs) are allowed to issue certificates for that domain. By default, every public Certificate Authority is allowed to issue certificates for any domain name if they are able to validate the requester's ownership of the domain name. If a CA receives an order for a certificate for a domain with a CAA record and that CA isn’t listed as an authorized issuer, they are prohibited from issuing the certificate to that domain or any subdomain.

How to add a CAA record?


To add a CAA record in the control panel, you may follow these 3 steps.

Listing Item Step 1

Log into control panel, go to Dynamic DNS Service Icon DDNS Services   and click on your domain name.

Listing Item Step 2

Go to DNS Records Icon DNS Records   to add a CAA Record.

Node Name   Enter the subdomain name, for example, subdomain1. Leave empty for the primary domain name.

Type   Choose "CAA - Certification Authority Authorization".

TTL   How long the server should cache the information.

Flags   Flags have only two strictly defined states currently: 0 (non-critical and default) and 1 (critical). 0 is common.

Tag   Tag has three values: issue, issuewild, iodef. issue is for a single domain while issuewild is for wildcard certificates. iodef is less common and specifies a URL to which an issuer may report certificate issue requests that are inconsistent with the issuer's Certification Practices or Certificate Policy.

Value   For the issue and issuewild tags, the value is typically the domain name of the CA authorized by the record, for example, comodoca.com, sectigo.com, letsencrypt.org, godaddy.com, amazon.com etc. You can have more than 1 CAA record to authorize multiple CAs. For iodef tag, you’ll supply a URL where policy violations should be reported. It is usually in the format of mailto:abuse@comodoca.com.

CAA Record Dynu Dynamic DNS


Listing Item Step 3

Check if your CAA record has gone into effect using DNS Lookup tool. Enter dynu.biz as Hostname, and choose "CAA - Certification Authority Authorization" as Type.

CAA Record Dynu Dynamic DNS
Loading...