dog, the command-line DNS client

The CAA record

The CAA (certification authority authorisation) record is used to limit the Certificate Authorities that are allowed to generate certificates for a given domain.

Example

Here, we query for CAA records of the domain caa-example.lookup.dog. The result is a record with the tag "issue", the certificate authority "some.certificate.authority", and the critical flag not set.

$ dog CAA caa-example.lookup.dog
CAA caa-example.lookup.dog. 1h00m00s   "issue" "some.certificate.authority" (non-critical)