CAA records (Certificate Authority Authorization) explained

What it is

CAA (Certificate Authority Authorization) is a DNS record type that lets you specify which certificate authorities (CAs) are allowed to issue certificates for your domain. If no CAA record exists, any CA can issue a cert; with CAA, only the CAs you list (or none) can issue.

Why it matters

CAA reduces the risk of a CA issuing a certificate for your domain without your approval. It is a defense-in-depth measure and is increasingly expected by security and compliance reviews. Monitoring CAA helps you confirm your DNS is configured as intended.

How Barrion checks it

Barrion performs DNS lookups for CAA records on your domain. We report what we find (or that no CAA is set) and whether the configuration is consistent with common best practices. Read-only DNS checks.

Run this check →

Related

Secure Your Company's Web Apps

Trusted by CTOs, dev teams, and agencies for compliance monitoring and audit-ready security reports.
Get detailed security reports with actionable fixes in under 60 seconds.

Barrion logo icon

Barrion delivers automated security scans and real-time monitoring to keep your applications secure.

Quick Links

For teams

Company

Contact us

Have questions or need assistance? Reach out to our team for support.

[email protected]
Send email icon

© 2025 Barrion AB (559569-0917) - All Rights Reserved.