Announcements

Pricing Adjustment for DNSPod Ultimate Plan on the International Site

DNSPod Global Upgrade Notification

DNSPod Global API Upgrade Instructions

Product Introduction

Introduction

Supported Resolution Routes for Each Service Plan

Purchase Guide

Pricing Overview

Purchasing DNS Plan

Getting Started

Adding Record

Product Rule

Domain Configuration Rule

Record Rule

Host Rule

Line Type Rule

Operation Guide

Settings of Various Record Types

Manage DNS Records

CAM Policy

Batch Operation

Domain Lock

Round-Robin DNS Record Weight Settings

Alias Binding

Domain Sharing

CNAME Acceleration

Modifying DNS Server

Cross-Account Transfer

API Documentation

FAQs

DNS Resolution Effect

Plans

DNS

Reverse DNS

Effective Time

Line Type Group

DNS Resolution Failure

DNS Resolution

Host Record and Record Value

DNSPod API Call Instance

Others

Cloud DNS Resolution Policy

Data Processing And Security Agreement

CAA Record

PDF

Focus Mode

Font Size

Last updated: 2026-03-24 14:17:55

Overview
This document describes how to a CAA record. If you want to authorize a designated CA to issue an SSL certificate for your domain name so as to prevent mistaken SSL certificate issuance, you need to add a CAA record.
Directions
Note: 
If anything goes wrong during this process, please contact us.
1. Log in to the DNSPod Console.
2. In Authoritative Resolution page, click the domain for which to add a CAA record to enter its "Record Management" page as shown below:
﻿
3. Click Add Records and enter the following record information as shown below:
﻿
Host Record: enter a subdomain. For example, when adding a record for www.dnspod.com, you can simply enter "www" in the "Host" field. If you only want to add a record for dnspod.com, select "@" in the "Host" field.
Record Type: select "CAA".
Line Type: select "Default"; otherwise, certain CAs may not be able to conduct verification.
Record Value: 
The format of a CAA record is [flag] [tag] [value], which consists of a flag byte [flag] and a [tag] -[value] (tag-value) pair called an attribute. You can add multiple CAA fields to the DNS record of the domain.
Field
Subfield
Description
flag
-
An unsigned integer between 0 and 255, which is used to identify the CA. It is 0 by default, indicating that if the CA issuing the certificate cannot recognize this information, it will be ignored.
tag
issue
Authorizes a single CA to issue certificates of any type for the host name.
﻿
issuewild
Authorizes a single CA to issue wildcard certificates for the host name.
﻿
iodef
The CA can send the URLs of issuance records in violation to a certain email address.
value
-
CA's domain or email address used for notification of violations.
Weight: leave it empty.
Priority: leave it empty.
TTL: it is the cache time and 600s by default. The smaller the value, the faster the change to the record will take effect in various regions.
4. Click Confirm.

Help and Support

Was this page helpful?

You can also Contact sales or Submit a Ticket for help.

Help us improve! Rate your documentation experience in 5 mins.

Feedback

Field	Subfield	Description
flag	-	An unsigned integer between 0 and 255, which is used to identify the CA. It is 0 by default, indicating that if the CA issuing the certificate cannot recognize this information, it will be ignored.
tag	issue	Authorizes a single CA to issue certificates of any type for the host name.
		issuewild	Authorizes a single CA to issue wildcard certificates for the host name.
		iodef	The CA can send the URLs of issuance records in violation to a certain email address.
value	-	CA's domain or email address used for notification of violations.

tencent cloud

Cloud DNS Resolution

CAA Record

Overview

Directions

Help and Support