CAA (Certificate Authority Authorisation) RECORD INFORMATION
This type of record allows to specify which certificate authorities (CAs) are allowed to issue certificates for the domain
The purpose of the CAA record is to allow domain owners to declare which certificate authorities are allowed to issue a certificate for a domain. They also provide a means for indicating notification rules in case someone requests a certificate from a not authorized certificate authority. If no CAA record is present, any CA is allowed to issue a certificate for the domain. If a CAA record is present, only the CAs listed in the record(s) are allowed to issue certificates for that hostname.
CAA records can set policy for the entire domain, or for specific hostnames. CAA records are also inherited by subdomains, therefore a CAA record set on example.com will also apply to any subdomain, such as subdomain.example.com (unless overridden). CAA records can control the issuance single-name certificates, wildcard certificates, or both.
The CAA record is expressed in a master file in the following format:
Flag
An unsigned integer between 0-255.
Tag
An ASCII string that represents the identifier of the property represented by the record.
Value
The value associated with the tag.