A Certification Authority Authorization (CAA) record is used to specify which certificate authorities (CAs) are allowed to issue certificates for a domain.

Domain owners publish CAA records in DNS to make this declaration.
CAA records also provide a means of indicating notification rules in case someone requests a certificate from an unauthorized certificate authority.
If no CAA record is present, any CA is allowed to issue a certificate for the domain. If a CAA record is present, only the CAs listed in the record(s) are allowed to issue certificates for that hostname.

Example:

$ dig CAA +short sqley.com
128 iodef "mailto:support@sqley.com"
128 issue "digicert.com"
128 issue "entrust.net"
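
The following Python example is added here and is not part of the original page. It parses `dig CAA +short` output like the sample above and applies the rule described: with no CAA records any CA may issue, otherwise only the listed CAs may. The function names are hypothetical, and it also covers cases the page does not mention (issuewild, a record set containing only iodef, and the critical flag 128), following RFC 8659.

```python
import re

# Constructed sample: the `dig CAA +short` output shown above.
SAMPLE = '''128 iodef "mailto:support@sqley.com"
128 issue "digicert.com"
128 issue "entrust.net"'''

LINE = re.compile(r'^(\d+)\s+([A-Za-z0-9]+)\s+"(.*)"$')
KNOWN_TAGS = {"issue", "issuewild", "iodef"}

def parse_caa(dig_output):
    """Parse `dig CAA +short` lines into (flags, tag, value) tuples."""
    records = []
    for line in dig_output.splitlines():
        line = line.strip()
        if not line:
            continue
        m = LINE.match(line)
        if not m:
            raise ValueError(f"unparseable CAA line: {line!r}")
        records.append((int(m.group(1)), m.group(2).lower(), m.group(3)))
    return records

def issuer_domain(value):
    # The issuer domain is the part before any ";"-separated parameters.
    # A bare ";" yields an empty name, which matches no CA.
    return value.split(";", 1)[0].strip().lower()

def may_issue(records, ca_domain, wildcard=False):
    """Return True if ca_domain may issue under this CAA record set."""
    # Flag 128 marks a property as critical: a checker that does not
    # understand a critical property must refuse to issue.
    if any(flags & 128 and tag not in KNOWN_TAGS for flags, tag, _ in records):
        return False
    issue = [issuer_domain(v) for _, t, v in records if t == "issue"]
    issuewild = [issuer_domain(v) for _, t, v in records if t == "issuewild"]
    # issuewild, when present, takes precedence for wildcard names only.
    relevant = issuewild if (wildcard and issuewild) else issue
    if not relevant:
        return True  # no CAA records, or none that restrict issuance
    return ca_domain.lower() in relevant

def report_contacts(records):
    """Return the iodef URLs a CA can use to report policy violations."""
    return [v for _, t, v in records if t == "iodef"]
```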
