Networking - DNS - Bind - CAA (Certification Authority Authorization)
DNS CAA (Certification Authority Authorization) is an Internet security policy mechanism which allows domain name holders to indicate to certificate authorities whether they are authorized to issue digital certificates for a particular domain name.
example.org. CAA 1 issue "letsencrypt.org"
example.org. CAA 1 iodef "mailto:caa@example.org"
Test
dig +short -t caa google.com
returns:
0 issue "pki.goog"
NOTE:
- A flags value of 0 means the CA may continue to issue the certificate if it does not understand the record. It is like a non-critical X.509 extension.
- A flags value of 128 means the CA may not issue the certificate if it does not understand the record in question, so this is like a critical X.509 extension.
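The flag rule from the NOTE, as an added example (not part of the original page): a small checker that reads lines in the `dig +short -t caa` output format and decides whether a CA may issue a non-wildcard certificate. It goes beyond the page by also applying the `issue` matching rule from RFC 8659; the tag `futuretag`, the function names and the sample records are constructed for illustration, and the input is assumed to be the relevant CAA record set for the name.

```python
import shlex

KNOWN_TAGS = {"issue", "issuewild", "iodef"}
CRITICAL = 0x80  # flags value 128: the issuer-critical bit


def parse_caa(line):
    """Parse one 'flags tag "value"' line as printed by dig +short."""
    flags, tag, value = shlex.split(line)
    return int(flags), tag.lower(), value


def may_issue(lines, ca_domain):
    """Return (allowed, reason) for a non-wildcard certificate request."""
    records = [parse_caa(l) for l in lines if l.strip()]
    if not records:
        return True, "no CAA records: any CA may issue"
    # A record the CA does not understand blocks issuance only if critical.
    for flags, tag, _ in records:
        if flags & CRITICAL and tag not in KNOWN_TAGS:
            return False, f"critical unknown tag '{tag}'"
    # Issuer name is the part before any ';' parameters; a bare ";" permits nobody.
    issuers = [v.split(";")[0].strip().lower()
               for _, t, v in records if t == "issue"]
    if not issuers:
        return True, "no issue property: issuance unrestricted"
    if ca_domain.lower() in issuers:
        return True, f"{ca_domain} is listed in an issue property"
    return False, f"{ca_domain} is not listed in any issue property"


if __name__ == "__main__":
    # Constructed sample record sets (futuretag is a hypothetical unknown tag).
    samples = {
        "flag 0, unknown tag": ['0 futuretag "x"', '0 issue "letsencrypt.org"'],
        "flag 128, unknown tag": ['128 futuretag "x"', '0 issue "letsencrypt.org"'],
    }
    for name, lines in samples.items():
        print(name, "->", may_issue(lines, "letsencrypt.org"))
```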
networking/dns/bind/caa_certification_authority_authorization.txt · Last modified: 2021/06/05 18:53 by peter