A Certification Authority Authorization (CAA) record is used to specify which certificate authorities (CAs) are allowed to issue certificates for a domain.
CAA records allow domain owners to declare which certificate authorities are allowed to issue a certificate for a domain. CAA records also provide a means of indicating notification rules in case someone requests a certificate from an unauthorized certificate authority. If no CAA record is present, any CA is allowed to issue a certificate for the domain. If a CAA record is present, only the CAs listed in the record(s) are allowed to issue certificates for that hostname. Example: $ dig CAA +short sqley.com 128 iodef "mailto:support@sqley.com" 128 issue "digicert.com" 128 issue "entrust.net"