Who Supports CAA Records?

If you want to publish a CAA record, your domain's DNS software (or provider) needs to support CAA. This page tells you which DNS software and providers support CAA.

If you don't want to publish a CAA record, it shouldn't matter whether or not your domain's DNS software supports CAA, since the DNS protocol provides a way to add new record types in a backwards-compatible way. Unfortunately, some DNS software is broken and mishandles unsupported record types such as CAA. If your domain uses such DNS software, you may have trouble getting certificates for your domain.

Please open an issue if you have an addition to this page.


Software

- BIND: Prior to version 9.9.6 use RFC 3597 syntax
- NSD: Prior to version 4.0.1 use RFC 3597 syntax
- PowerDNS 4.0.0: Versions 4.0.3 and below are buggy when DNSSEC is enabled.
- Knot DNS 2.2.0
- Simple DNS Plus 6.0
- Windows Server 2016: Use RFC 3597 syntax
- tinydns: Use generic record syntax
- ldns 1.6.17
- OpenDNSSEC: With ldns ≥1.6.17
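Several entries above call for RFC 3597 syntax or tinydns generic record syntax. The following Python sketch is an added example, not part of the original page: it encodes a CAA record (type 257) into both forms and decodes the generic form back so a zone entry can be reviewed. The names example.com and ca.example.net are placeholders.

```python
import re

CAA_TYPE = 257  # RR type number assigned to CAA


def caa_rdata(flags: int, tag: str, value: str) -> bytes:
    """Wire-format CAA RDATA: flags byte, tag-length byte, tag, value."""
    if not 0 <= flags <= 255:
        raise ValueError("flags must fit in one byte")
    if not re.fullmatch(r"[A-Za-z0-9]{1,255}", tag):
        raise ValueError("tag must be 1-255 ASCII letters or digits")
    return bytes([flags, len(tag)]) + tag.encode("ascii") + value.encode("ascii")


def rfc3597_line(owner: str, flags: int, tag: str, value: str) -> str:
    """Zone-file line in RFC 3597 unknown-type syntax: TYPE257 \\# <len> <hex>."""
    rdata = caa_rdata(flags, tag, value)
    return f"{owner} IN TYPE{CAA_TYPE} \\# {len(rdata)} {rdata.hex().upper()}"


def tinydns_line(owner: str, flags: int, tag: str, value: str, ttl: int = 86400) -> str:
    """tinydns-data generic record ':fqdn:n:rdata:ttl', every byte octal-escaped."""
    rdata = caa_rdata(flags, tag, value)
    octal = "".join(f"\\{b:03o}" for b in rdata)
    return f":{owner.rstrip('.')}:{CAA_TYPE}:{octal}:{ttl}"


def parse_rfc3597(line: str) -> tuple:
    """Decode a TYPE257 generic record back to (flags, tag, value) for review."""
    m = re.search(r"TYPE257\s+\\#\s+(\d+)\s+([0-9A-Fa-f\s]+)$", line)
    if not m:
        raise ValueError("not a TYPE257 generic record")
    rdata = bytes.fromhex(m.group(2))  # fromhex skips whitespace between groups
    if len(rdata) != int(m.group(1)) or len(rdata) < 2 or 2 + rdata[1] > len(rdata):
        raise ValueError("RDATA length fields are inconsistent")
    end = 2 + rdata[1]
    return rdata[0], rdata[2:end].decode("ascii"), rdata[end:].decode("ascii")


if __name__ == "__main__":
    # Constructed sample policy; example.com and ca.example.net are placeholders.
    for rec in [(0, "issue", "ca.example.net"), (128, "issuewild", ";")]:
        print(rfc3597_line("example.com.", *rec))
        print(tinydns_line("example.com.", *rec))
```

Decoding a generic record before loading the zone catches a wrong length field or a mistyped tag, which would otherwise publish a policy different from the one intended.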


Providers

- Google Cloud DNS
- Google Domains DNS
- Route 53
- DNSimple
- DNS Made Easy
- Constellix DNS
- Cloudflare: In beta; ask support to enable
- Dyn Managed DNS
- ClouDNS
- Afraid.org Free DNS
- Neustar UltraDNS
- Gandi
- Domeneshop (Domainnameshop)
- Hurricane Electric Free DNS
- BuddyNS
- NS1
- Zilore
- Nucleus NV
- Mythic Beasts
- NameBright: Returns invalid response to CAA queries
- ezyreg.com (Netregistry): Does not respond to CAA queries over UDP
- LM Data: Responds to CAA queries with a NOTIMP error
- core-networks.de
- CloudXNS
- Namecheap
- Hetzner
- STRATO
- http.net
- Internap: Responds to CAA queries with a SERVFAIL error
- Vultr
- Digital Ocean
- INWX
- schokokeks.org
- easyDNS
- Linode
- GratisDNS