Creating a CAA Record

A Certification Authority Authorization (CAA) DNS resource record enables domain owners to define the Certificate Authorities (CAs) that can issue certificates for a domain. When you define a CAA record, only the CAs listed in the records can issue certificates for the respective domain. With CAA, you can also define notification rules to manage requests for a certificate from a non-authorized CA. If you do not define a CAA resource record, any CA can issue a certificate for the domain. The following are a few examples of CAA resource records:

example.com. CAA 0 issue “ssl.com; policy=ev”
example.com. CAA 0 issuewild “;”
example.com. CAA 0 iodef “mailto:certissues@example.com”
example.com. CAA 0 iodef “certissues.example.com”

To create a CAA Record, complete the following:

From the Infoblox Portal, click Configure > Networking > DNS > Zones.
Click the DNS view.
Click the zone.
Click Create > Record and select CAA Record from the column selector.

On the Create CAA Record page, specify the following and click Save & Close:

Name: Enter a name for the CAA Record.
Select Zone: Select an associated zone from the column selector.
Flag: Select the flag from Bit 0 to Bit 7.
Tag: Enter a tag or select from drop-down.
Certificate Authority: Enter the details of the certificate authority.
Description: Enter a descriptive comment about the CAA Record.
TTL: Enter a numeric value and select Hours, Minutes, or Seconds from the drop-down.
Disable for DNS Protocol: Click this check box to temporarily disable for DNS Protocol.
Tags: Click Add to associate keys with values. Specify the following details:
- KEY: Enter a meaningful name for the key, such as a location or a department.
- VALUE: Enter a value for the key such as San Jose (for location), or Accounts (for department).
- To remove a tag, select the respective check box and click Remove to delete the associated tag. For more information about tags, see Managing Tags.