CAA Record Lookup

Easily check the CAA records for your domain using our online CAA checker tool. All it takes is a few clicks, and you can have all the required details in a matter of seconds. Use our tool for free; no signup, no captcha.

Free CAA Record Lookup

The free CAA Record Checker is a useful tool that helps you check the CAA records of any domain (including yours). The CAA records contain information regarding the certificate authorities (CAs) that are allowed to issue SSL/TLS certificates for a particular domain. You can use our tool to make sure that those records are properly configured.

How to Use Our CAA Record Checker?

Our online CAA record checker is simple to use. Just follow the steps described below:

Select DNS Server

Our DNS lookup tool lets you select the DNS server you want to query for the records. There are several options, such as:

  • Google

  • Cloudflare

  • OpenDNS

  • Yandex

  • Quad9

  • Authoritative DNS

Enter Domain Name

Provide your domain name in the designated search field. Double-check it for accuracy before proceeding.

Start CAA Lookup 

Click on the "Start CAA Lookup" button to initiate the process. Our tool will promptly begin searching for the associated CAA records.

Get CAA Record

Once the lookup process is complete, our CAA Checker will display the domain’s CAA records along with all of the relevant details, such as the TTL and value.

About CAA Record - What Is It?

The CAA record is the DNS record responsible for specifying the Certificate Authorities (CAs) authorized to issue SSL/TLS certificates for a particular domain. These records serve as a security measure, allowing domain owners to control and limit the CAs that can validate their domain. This way, it helps prevent unauthorized issuance of certificates and enhances overall web security.

CAA Record Example

Here's an example of a CAA (Certification Authority Authorization) record: CAA 0 issue "ca.example1.com"

| Domain      | Type | Flag | Tag   | Value           | TTL  |
|-------------|------|------|-------|-----------------|------|
| example.com | CAA  | 0    | issue | ca.example1.com | 3600 |

Domain: example.com is the domain for which the CAA record is defined.

Type: CAA indicates that this is a Certification Authority Authorization record.

Flag: 0 is the flag value. There are only 2 values for the flag field: 0 or 1. 0 means that the CA is authorized to give certificates, while 1 means it can’t. 

Tag: issue is the tag specifying the type of authorization. This example allows the specified CA to issue certificates for the domain.

Value: "ca.example1.com" is the value associated with the issue tag, indicating the domain name of the authorized Certificate Authority.

TTL: Time to live (TTL) is the amount of time for which the record can exist. It is measured in seconds. So, the value “3600” means this record can exist for 3600 seconds, i.e., 1 hour.

Alternate Methods of Checking CAA Records

Here are some alternate methods for checking CAA records. If you have a Linux or macOS device, you can use the Terminal to check the CAA records for whichever domain you want. However, this cannot be done on a Windows system.

How to Check CAA Record on Linux?

Here’s a simple step-by-step process to check CAA records on a Linux system:

Open Terminal

Access the terminal on your Linux distribution.


Run dig Command

  • Type dig example.com CAA, replacing "example.com" with your actual domain.

  • Press Enter to execute the command.


Review the Results

  • The output will display the CAA records associated with the specified domain.

  • Look for the "issue" tag to identify the authorized Certificate Authorities.

Here's an example of what the result might look like:

```
; <<>> DiG 9.16.1-Ubuntu <<>> example.com CAA
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: xxxxx
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;example.com. IN CAA

;; ANSWER SECTION:
example.com. xxxxx IN CAA 0 issue "ca.example1.com"
```

 

In this example, the CAA record for "example.com" indicates that only the Certificate Authority with the domain name "ca.example1.com" is authorized to issue certificates for the domain.
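The review step above can be scripted so that a CA you did not expect stands out immediately. The shell function below is an added example, not part of the tool described on this page: it reads dig output and prints every CA named in an issuance tag that is missing from your allow-list. The names caa_unexpected_issuers and sample_dig_output and the domain unexpected-ca.example are hypothetical, the sample output is constructed, and the function goes slightly beyond the page by also reading the issuewild tag and skipping an empty ";" value.

```shell
#!/bin/sh
# Added example: audit CAA issuers in dig output against an allow-list.
# Live use (assumes dig is installed):
#   dig example.com CAA | caa_unexpected_issuers ca.example1.com

# caa_unexpected_issuers ALLOWED_CA...
# Reads dig output on stdin. Prints, one per line, each CA named by an
# "issue" or "issuewild" record that is not in the allow-list (lowercase).
caa_unexpected_issuers() {
    allowed=" $* "
    awk -v allowed="$allowed" '
        /^;/ || NF < 7 { next }       # skip dig comments, headers, blanks
        # Answer fields: name TTL class type flag tag value
        $4 == "CAA" && ($6 == "issue" || $6 == "issuewild") {
            ca = $7
            gsub(/"/, "", ca)         # strip the surrounding quotes
            sub(/;.*/, "", ca)        # drop any parameters after ";"
            ca = tolower(ca)
            if (ca == "") next        # empty value names no CA at all
            if (index(allowed, " " ca " ") == 0) print ca
        }
    '
}

# Constructed sample of dig output (not captured from a real domain).
sample_dig_output() {
    cat <<'EOF'
;; QUESTION SECTION:
;example.com. IN CAA

;; ANSWER SECTION:
example.com. 3600 IN CAA 0 issue "ca.example1.com"
example.com. 3600 IN CAA 0 issue "unexpected-ca.example"
example.com. 3600 IN CAA 0 issuewild ";"
EOF
}

# Demo: only ca.example1.com is expected, so the second record is reported.
sample_dig_output | caa_unexpected_issuers "ca.example1.com"
```

Empty output means every issuer in the records is on your list, which makes the function easy to run from a scheduled job that alerts on any non-empty result.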

How to Check CAA Record on macOS?

Follow this simple method to check the CAA record on macOS.

Open Terminal

Open the Terminal application on your Mac.


Run dig Command

  • Type the following command, replacing "example.com" with your actual domain: dig example.com CAA.

  • Press Enter to execute the command.


Review the Results

  • The output will display the CAA records linked with the specified domain.

Frequently Asked Questions

What is CAA record lookup, and why is it useful?

CAA record lookup is the process of querying the DNS servers to retrieve CAA records for a specific domain. It is useful to verify which CAs are authorized to issue certificates for a domain and ensure the correct security policies are in place.

What information does the CAA record lookup tool provide?

Our tool shows whether the given domain has CAA records set in place or not. If it finds a CAA record, it shows all the relevant details, including the flags, CA names, and other relevant information.

How often should I check my domain's CAA records?

It's recommended to periodically check your domain's CAA records, especially when updating SSL/TLS certificates or changing your security policies. Regular checks ensure that only authorized CAs can issue certificates for your domain.