With a CAA record, you as the domain holder can determine which certification authorities (CAs) may issue certificates for your domain or subdomain. The abbreviation CAA stands for Certificate Authority Authorization.

The purpose of adding a CAA record is to prevent certificates from being mistakenly issued and misused for a domain or subdomain. Before issuing a certificate, the certification authority must check whether a CAA record is available.

If no CAA record is available, each certification authority may issue a certificate for the domain or subdomain. If a CAA record is available, only the certification authorities listed in the entries may issue certificates for the domain or subdomain.