CAA रिकॉर्ड

Certificate Authority Authorization — declares which CAs are allowed to issue certs for your domain.

CAA रिकॉर्ड क्या है?

CAA (RFC 6844, updated by RFC 8659) is a guard rail: it tells public CAs which authorities may issue TLS certificates for your domain. Modern CAs must check CAA before issuance — a misconfigured CAA blocks renewal.

ज़ोन फ़ाइल का उदाहरण

example.com.    300    IN    CAA    0 issue "letsencrypt.org"
example.com.    300    IN    CAA    0 iodef "mailto:security@example.com"

सामान्य उपयोग

  • Lock issuance to a single CA (Let's Encrypt, DigiCert, etc.).
  • Get notified when an unauthorised issuance is attempted via the iodef tag.
  • Tighten a regulated environment where rogue cert issuance is a compliance risk.
  • Allow wildcard issuance separately via the issuewild tag.

सामान्य भूलें

Letting CAA expire or pointing it at a CA you no longer use will silently fail certificate renewal. Always test with Let's Encrypt staging or a CAA lint tool before tightening.

DNS रिकॉर्ड देखें →

संबंधित रिकॉर्ड प्रकार

A record
Maps a domain name to an IPv4 address.
AAAA record
Maps a domain name to an IPv6 address.
MX record
Tells the world which mail servers receive email for a domain.
TXT record
Stores arbitrary text — most often SPF, DKIM, DMARC and ownership-verification tokens.
सुरक्षा सुझाव

डिफ़ॉल्ट पासवर्ड इस्तेमाल कर रहे हैं? NordVPN एन्क्रिप्शन से अपने नेटवर्क की सुरक्षा करें।

NordVPN प्राप्त करें