DNS and Domain Tool

CAA Lookup

Check Certification Authority Authorization records for a domain. CAA can guide certificate issuance, but it is not a full TLS certificate or website-security audit.

Check CAA records

Enter a domain to check CAA records.

Raw JSON

What the results mean

CAA records can name certificate authorities that may issue certificates for a domain. Values often include issue, issuewild, or iodef.

How to use this tool

Enter a domain.
Review returned CAA records and TTL values.
Use SSL Certificate Checker, HTTP Headers Checker, and Security Headers Checker for complementary website signals.

FAQ

Does this inspect the live certificate?

No. It checks DNS CAA records only.

Can CAA stop every bad certificate?

No. It is a policy signal used by certificate authorities, not a standalone protection layer.

Why use CAA?

CAA can reduce accidental issuance by unexpected certificate authorities when configured correctly.