By SSLMate
If you want to publish a CAA record, your domain's DNS software (or provider) needs to support CAA. This page tells you which DNS software and providers support CAA.
If you don't want to publish a CAA record, it shouldn't matter whether your domain's DNS software supports CAA, since the DNS protocol provides a way to add new record types in a backwards-compatible way. Unfortunately, some DNS software is broken and mishandles unsupported record types such as CAA. If your domain uses such DNS software, you may have trouble getting certificates for your domain.
Please open an issue if you have an addition to this page.

Software/Provider | Support | Comments |
---|---|---|
BIND | Yes | Prior to version 9.9.6 use RFC 3597 syntax |
dnsmasq | Yes | Use --dns-rr option with hex data |
Knot DNS | ≥2.2.0 | |
ldns | ≥1.6.17 | |
NSD | Yes | Prior to version 4.0.1 use RFC 3597 syntax |
OpenDNSSEC | Yes | With ldns ≥1.6.17 |
PowerDNS | ≥4.0.0 | Versions 4.0.3 and below are buggy when DNSSEC is enabled. |
Simple DNS Plus | ≥6.0 | |
tinydns | Yes | Use generic record syntax |
Windows Server 2016 | Yes | Use RFC 3597 syntax |

Software/Provider | Support | Comments |
---|---|---|
1&1 | Yes | |
123 Reg | No | |
34SP.com | Yes | |
Afraid.org Free DNS | Yes | |
Alibaba Cloud DNS | Yes | |
Azure | Yes | |
BuddyNS | Yes | |
Cloudflare | Yes | Cloudflare will add additional CAA records unless you disable Universal SSL. |
CloudfloorDNS | Yes | |
ClouDNS | Yes | |
CloudXNS | Yes | |
Constellix DNS | Yes | |
core-networks.de | Yes | |
Crazy Domains | Yes | |
deSEC | Yes | |
Digital Ocean | Yes | |
DNS Made Easy | Yes | |
DNSimple | Yes | |
DNSPod | Yes | |
domaindiscount24 | Yes | |
Domeneshop (Domainnameshop) | Yes | |
Dreamhost | Yes | |
Dyn Managed DNS | Yes | |
easyDNS | Yes | |
Enom/Tucows | No | |
ezyreg.com (Netregistry) | Broken | Does not respond to CAA queries over UDP |
Futureweb | Yes | |
Gandi | Yes | |
Glauca HexDNS | Yes | |
GoDaddy | Yes | |
Google Cloud DNS | Yes | |
Google Domains DNS | Yes | |
GratisDNS | Yes | |
Hetzner | Yes | |
hosting.de | Yes | |
Hostwinds | Yes | |
Hover | No | |
http.net | Yes | |
Hurricane Electric Free DNS | Yes | |
Internap | Broken | Responds to CAA queries with a SERVFAIL error |
INWX | Yes | |
iwantmyname | Yes | Requires opening a support ticket |
Lightsail DNS | No | Relevant forum thread |
Linode | Yes | |
LM Data | Broken | Responds to CAA queries with a NOTIMP error |
Metaname | Yes | |
Mythic Beasts | Yes | |
name.com | No | |
NameBright | No | |
Namecheap | Yes | |
NameSilo | Yes | |
Netcup | Yes | |
Neustar UltraDNS | Yes | |
No-IP Dynamic DNS | Yes | |
NS1 | Yes | |
Nucleus NV | Yes | |
Opalstack | Yes | |
OVH | Yes | |
Pair Domains | Yes | |
Rackspace Cloud DNS | No | |
Route 53 | Yes | |
schokokeks.org | Yes | |
SoftLayer | No | |
STRATO | No | |
UD Media | Yes | |
UKFast | Yes | |
Vultr | Yes | |
WebHostOne | Yes | |
Zilore | Yes | |