DNS
CAA Record Checker
Check Certificate Authority Authorization (CAA) DNS records. Restrict which CAs can issue SSL certs.
Certificate Authority Authorization. Restricts which CAs can issue SSL/TLS certs.
How to use
- Enter a domain, URL, or value relevant to CAA Record Checker.
- Run the check and review the output carefully.
- Apply recommended fixes, then run the check again to verify.
Common use cases
- Pre-deployment validation for CAA Record Checker.
- Incident triage when security checks fail in production.
- Periodic security review as part of technical SEO and hardening.
Example inputs
example.comletsencrypt.orggithub.comCommon issues and fixes
No CAA records
Most domains have no CAA. Without CAA, any CA may issue certs. Add CAA to restrict.
Critical flag
Critical CAA (128) means unknown tags must be ignored. Use with care.
Recommended remediation
CAA records specify which CAs can issue certs. Add issue/issuewild for Let's Encrypt, DigiCert, etc. iodef for violation reporting.
FAQ
Is CAA Record Checker free to use?
Yes. This tool is free and can be used without account registration.
Do you store submitted values?
Only the minimum processing needed for the check. For client-side tools, data stays in your browser.
How should I use these results?
Use the output as a diagnostic baseline, apply fixes in your stack, then re-run the check to confirm remediation.
Related security tools
SSL Checker
Verify SSL/TLS certificate details, issuer, expiry date, and certificate chain for any domain.
DNS Lookup
Query DNS records (A, AAAA, MX, TXT, NS, CNAME) for any domain using public DNS API.
SPF Record Checker
Fetch and parse SPF (Sender Policy Framework) records for a domain to validate email security.
DMARC Record Checker
Verify DMARC DNS records. Policy, RUA, RUF, alignment.