Creating a CAA Record

A Certification Authority Authorization (CAA) DNS resource record enables domain owners to define the Certificate Authorities (CAs) that can issue certificates for a domain. When you define a CAA record, only the CAs listed in the records can issue certificates for the respective domain. With CAA, you can also define notification rules to manage requests for a certificate from a non-authorized CA. If you do not define a CAA resource record, any CA can issue a certificate for the domain. The following are a few examples of CAA resource records:

• example.com. CAA 0 issue “ssl.com; policy=ev”
• example.com. CAA 0 issuewild “;”
• example.com. CAA 0 iodef “mailto:certissues@example.com”
• example.com. CAA 0 iodef “certissues.example.com”

To create a CAA Record, complete the following:

1. From the Infoblox Portal, click Configure > Networking > DNS > Zones.
2. Click the DNS view.
3. Click the zone.
4. Click Create > Record and select CAA Record from the column selector.

           On the Create CAA Record page, specify the following and click Save & Close:

• Name: Enter a name for the CAA Record. 
• Select Zone: Select an associated zone from the column selector.
• Flag: Select the flag from Bit 0 to Bit 7.
• Tag: Enter a tag or select from drop-down. 
• Certificate Authority: Enter the details of the certificate authority.
• Description: Enter a descriptive comment about the CAA Record.
• TTL: Enter a numeric value and select Hours, Minutes, or Seconds from the drop-down.
• Disable for DNS Protocol: Click this check box to temporarily disable for DNS Protocol. 
• Tags: Click Add to associate keys with values. Specify the following details:
  • KEY: Enter a meaningful name for the key, such as a location or a department. 
    
  • VALUE: Enter a value for the key such as San Jose (for location), or Accounts (for department).     
  • To remove a tag, select the respective check box and click Remove to delete the associated tag. For more information about tags, see Managing Tags.