You might know about common CNAME and A records. But the new type of DNS record you may be noticing is CAA. It gives an indication of which certificate authority (CA) is permitted to issue SSL certificates on a domain name. There have been some issues with CAs over the last 12 months, and some domain operators have expressed concerns over the certificates they have issued. Using CAA records, you can restrict SSL certificates on your DNS to only trusted CAs.
CAA records at drServer.net
CAA is a new type of DNS record, and as such it is only supported by modern DNS server software. Any VPS servers provider who wants to offer the ability to create CAA records must upgrade its servers first. With the right software in place, VPS providers can offer the maximum security to users. DNS failures are, thankfully, not a frequent occurrence in most cases where the software at use is stable, but with a new and modern system, users should experience the best stability and performance in many areas.
Do I need to add CAA if I already use SSL/TLS?
At the time of writing, there is no current requirement for a domain name to include a CAA record, and the majority of existing setups will work just fine in the current climate. However, there may be changes to this in the future, and we will update our users of this should the time come.
In the meantime, adding a CAA record to your domain name merely adds an additional layer of security to your website. With the presence of a CAA DNS record, SSL certificates cannot be freely issued for your domain name. The only SSL certificate that will be possible to apply to your domain name will be the one from your nominated issuer.
This is worth considering, as GDPR is imminent and security is becoming an increasingly important consideration for any business that uses online tools and processes. And it can’t hurt to be ahead of the curve when it comes to new technologies – adding a CAA DNS record in your online hosting platform may be one of the things that sets you apart from the competition.