The DNS records are the instructions that clients and servers are searching for a particular domain. The common ones are the A records for a domain name to IP address resolution, the CNAME for redirecting subdomain to the domain name, MX for incoming mail servers, etc. But the DNS CAA record is not so well-known, so now we will explain it to you.
What is a DNS CAA record?
The DNS CAA record (Certification Authority Authorization) is a record that the DNS administrator of a domain can add to clarify which Certificate Authorities (CAs) can issue SSL or TLS certificates for the particular domain. The CA are external organizations that you, as a domain owner, can choose to issue cryptographic certificates like SSL or TLS for your domain name.
The cryptographic certificate is used to validate the domain owner and to encrypt the communication with that domain. That way, it protects sensitive data.
With the CAA, the domain owner will have improved control over the process of issuing certificates. He or she can clearly state who is permitted to issue certificates and lower the number of miss-issued certificated for that domain. The CAA record can be used for the whole domain, or chosen subdomains only, depending on how you set it up.
One common requirement for using CAA records is to first enable DNSSEC. That is required for better security and trust from the side of the CA.