Skip to main content

How to add a Certification Authority Authorization (CAA) record to your DNS zone file

User-added image

If you use a hosted DNS service, please refer to this article .

Pre-requirement:

You must know which syntax to use when configuring your DNS zone file. This depends on your DNS. Please see the table below to determine the syntax type to use when configuring your CAA record. Or, for a complete guide to adding a CAA record, please select the link relating to your DNS.

Syntax Type DNS Product
Standard BIND BIND 9.9.6 and higher
PowerDNS 4.0.0 and higher
NSD 4.0.1 and higher
Knot DNS 2.2.0 and higher
Simple DNS Plus 6
Windows Server 2016
Legacy BIND

Any version prior to BIND 9.9.6
Any version prior to NSD 4.0.1

Generic Google Cloud DNS


General How-To: Adding Entrust to your CAA record

1. Open your domain's DNS zone file in Notepad. (Note that how you access your DNS records depends on where your domain is registered. If you are using a hosted DNS service please see our technote on how to access your DNS record here. )

2. You will have to configure the file to determine the CA(s) you wish to include your CAA record. Note that only adding one CA will limit issuance of SSL/TLS certificates on that domain to just that CA. Also note that domains may have more than one CA listed in a CAA record.

In order to add Entrust to your CAA record, add the below to your DNS zone file (please be sure to select the correct syntax):

*using "example.com" as the domain name

Standard BIND Zone File
example.com.       CAA       0 issue "entrust.net"
Legacy BIND Zone File
example.com.        TYPE257 \# 18 00056973737565656E74727573742E6E6574
Generic
0 issue "entrust.net"

This CAA record will indicate that Entrust is the authorized CA for domain.com and all subdomains. If a subdomain requires a different authorized CA, then a CAA record can be created separately for that subdomain.

3. Save your zone file and exit Notepad.

If you have any questions or concerns please contact the Entrust Certificate Services Support department for further assistance:

Hours of Operation:
Sunday 8:00 PM ET to Friday 8:00 PM ET
North America (toll free): 1-866-267-9297
Outside North America: 1-613-270-2680 (or see the list below)
NOTE: Smart Phone users may use the 1-800 numbers shown in the table below.
Otherwise, it is very important that international callers dial the UITF format exactly as indicated. Do not dial an extra "1" before the "800" or your call will not be accepted as an UITF toll free call.

Country Number
Australia 0011 - 800-3687-7863
1-800-767-513
Austria 00 - 800-3687-7863
Belgium 00 - 800-3687-7863
Denmark 00 - 800-3687-7863
Finland 990 - 800-3687-7863 (Telecom Finland)
00 - 800-3687-7863 (Finnet)
France 00 - 800-3687-7863
Germany 00 - 800-3687-7863
Hong Kong 001 - 800-3687-7863 (Voice)
002 - 800-3687-7863 (Fax)
Ireland 00 - 800-3687-7863
Israel 014 - 800-3687-7863
Italy 00 - 800-3687-7863
Japan 001 - 800-3687-7863 (KDD)
004 - 800-3687-7863 (ITJ)
0061 - 800-3687-7863 (IDC)
Korea 001 - 800-3687-7863 (Korea Telecom)
002 - 800-3687-7863 (Dacom)
Malaysia 00 - 800-3687-7863
Netherlands 00 - 800-3687-7863
New Zealand 00 - 800-3687-7863
0800-4413101
Norway 00 - 800-3687-7863
Singapore 001 - 800-3687-7863
Spain 00 - 800-3687-7863
Sweden 00 - 800-3687-7863 (Telia)
00 - 800-3687-7863 (Tele2)
Switzerland 00 - 800-3687-7863
Taiwan 00 - 800-3687-7863
United Kingdom 00 - 800-3687-7863
0800 121 6078
+44 (0) 118 953 3088