CAA Records specify which certificate authorities are allowed to issue certificates for a domain.
Earlier this year the CA/Browser Forum voted to make Certificate Authority Authorization (CAA) mandatory for all Certificate Authorities. What this means that domains will need to assert via DNS records (the CAA DNS RRType) which CA’s are permitted to issue certificates for your domains. Think of it as “sort of like SPF, but for SSL/TLS certs”.
Once the Advanced DNS Records feature has been enabled, you'll want to do the following:
1. Click on the DNS link for your domain
2. Click on the wrench for CAA RECORDS
3. Enter your settings and click on NEXT
4. Confirm your changes
Once the changes have been confirmed, your CAA records will be visible via DNS and will look like the following:
markjr@markjr:~$ dig -t caa anarchy.fm [snip] ;; ANSWER SECTION: anarchy.fm. 10799 IN CAA 0 issue "rapidssl.com" anarchy.fm. 10799 IN CAA 0 issuewild "geotrust.com"
