Adding a CAA (Certification Authority Authorization) record helps you control which Certificate Authorities (CAs) are allowed to issue certificates for your domain, enhancing your domain's security. Here's how to add a CAA record using GoDaddy, based on the provided reference:
Steps to Add a CAA Record in GoDaddy
- Sign in to your GoDaddy Domain Portfolio.
- Select the specific domain for which you want to add the CAA record to access the Domain Settings page.
- Go to DNS Records: Select DNS to view the existing DNS records.
- Add New Record: Choose the Add New Record option. Then, select CAA from the Type menu.
- Enter CAA Record Details: Input the specific details provided by your SSL provider for the new CAA record. This typically includes the Tag, Value, and Flags.
Understanding CAA Record Components
A CAA record includes the following components:
- Flags: An integer between 0-255. 0 is most common, indicating that CAs should follow the instructions in this record.
- Tag: Specifies the action to be taken. Common tags include:
issue: Allows the specified CA to issue certificates (including wildcards).issuewild: Allows the specified CA to issue wildcard certificates only.iodef: Specifies an email address or URL to which CAs can report policy violations.
- Value: The domain name of the Certificate Authority (CA) that is authorized to issue certificates. For example,
letsencrypt.org.
Example CAA Record
| Component | Value |
|---|---|
| Type | CAA |
| Flags | 0 |
| Tag | issue |
| Value | letsencrypt.org |
| TTL | Default (e.g., 3600) |
This example allows Let's Encrypt to issue standard certificates for your domain.
By correctly configuring your CAA records, you can significantly reduce the risk of unauthorized certificate issuance, adding an important layer of security to your domain.
