In a previously published guide we talked about DNS CAA Record. Here is how to how to add CAA Record in Dyn DNS with GeoTrust. Let’s Encrypt Etc certificates. At that time Dyn DNS has no way to add DNS CAA record. Perhaps this guide will help some of the users. You must add DNS CAA Record, as it is mandatory.
If you are not using Dyn DNS, you can test their free trial for a week. In case you want to use the paid service can use our coupon code
RFE1Y9H0YE (you can ask Dyn support giving link of this webpage, Dyn has no money making referral, it is simply a discount coupon).
How To Add CAA Record : Dyn DNS With GeoTrust, Let’s Encrypt
In the above linked previous article, we talked about the basic technical matters around DNS CAA record, which is specified by
RFC 6844. It is basically just like adding any other record like A record. Login to Dyn portal (which is currently https://portal.dynect.net/login/). Navigate to Managed DNS link. Then beside your Zone of website click the manage link. Click the
Add a New Record link, select CAA record type from the dropdown option, initially set the TTL to 30 seconds and record to add on right hand side (you need not to do anything on the left hand side) for Geotrust will be :
0 issue "geotrust.com"
Save it and publish. You possibly want to add a report abuse email too. In that case, optionally in the same way add another CAA record with this content :
0 iodef "\226\128\156mailto:email@example.com\226\128\157"
firstname.lastname@example.org is your email.
In case of Let’s Encrypt, the thing is basically the same, the value of the record will be :
0 issue "letsencrypt.com"
Easiest way to check is to run test on SSL Labs :
After you can see the test shows as green, increase the TTL of record to a tiger value, like 2 days.