How to create CAA Records


How could I create CAA records?

Hi Ron,

Thanks for your question, and welcome to deSEC!

For creating records, please see The example there is about an A record. CAA records can be created in the same way (you just need to replace the relevant values).

Stay secure,

Hi Peter,
I think the issue I have is the text parts in the record. I tried several commands, but nothing happens. I’m using a Windows computer, so I have to change the curl order. This is what I tried:
echo {"subname": "", "type": "CAA", "ttl": 3600, "records": ["0 iodef "mailto:{email address}"","0 issue "", "0 issuewild ";""]} | curl -X POST{domain}/rrsets/ --header "Authorization: Token "{token}"" --header "Content-Type: application/json" --data @-

I’ve found it:
echo {"subname": "", "type": "CAA", "ttl": 3600, "records": ["0 iodef "mailto::email address"","0 issue """, "0 issuewild ";""]} | curl -X POST{domain}/rrsets/ --header "Authorization: Token "{token}"" --header "Content-Type: application/json" --data @-

Hi @Ron,
I recommend using dnscontrol.

They support deSEC and have a CAA builder function.


When trying to set “0 issuewild ;” as CAA record to prevent anyone from issuing wildcard certificates for my domain, an error occurs. Seems like this was also the issue that Ron was running into.

Hi jotto,

Welcome to deSEC! 🙂

It works when putting quotes around the ;, as explained in the CAA specification.

(When using the API, you also need to make sure to escape these quotes, i.e. send "records": ["0 issuewild \";\""].)

Stay secure,
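
The quoting rule from the reply above, as an added example that is not part of the original thread and not deSEC's own code: it builds the JSON body for a CAA RRset with a JSON serializer, so the inner quotes around each CAA value are escaped automatically, and it rejects unquoted values such as `0 issuewild ;` before anything is sent. The function names, the `example.com` and `ca.example` values, and the simplified validation pattern are assumptions made for illustration.

```python
import json
import re

# Simplified check (assumption, not deSEC's validator):
# <flags> <tag> "<value>" with the value always in double quotes.
_CAA_RE = re.compile(r'^(\d{1,3}) ([A-Za-z0-9]+) "((?:[^"\\]|\\.)*)"$')


def caa_rdata(flags, tag, value):
    """Return one CAA record in presentation format with a quoted value."""
    if not 0 <= flags <= 255:
        raise ValueError("flags must fit in one octet")
    if not re.fullmatch(r"[A-Za-z0-9]+", tag):
        raise ValueError("tag must be alphanumeric")
    escaped = value.replace("\\", "\\\\").replace('"', '\\"')
    return f'{flags} {tag} "{escaped}"'


def is_quoted_caa(rdata):
    """True only if the record's value field is wrapped in double quotes."""
    return _CAA_RE.match(rdata) is not None


def caa_rrset_body(records, subname="", ttl=3600):
    """Serialize the RRset; json.dumps turns each inner " into \\"."""
    bad = [r for r in records if not is_quoted_caa(r)]
    if bad:
        raise ValueError(f"unquoted or malformed CAA value: {bad}")
    return json.dumps(
        {"subname": subname, "type": "CAA", "ttl": ttl, "records": records}
    )


def example_body():
    # Constructed sample values, not taken from the thread.
    records = [
        caa_rdata(0, "iodef", "mailto:security@example.com"),
        caa_rdata(0, "issue", "ca.example"),
        caa_rdata(0, "issuewild", ";"),  # forbid wildcard issuance
    ]
    return caa_rrset_body(records)


if __name__ == "__main__":
    print(example_body())
```

Writing the printed body to a file and passing it to curl with `--data @file` avoids shell-specific quoting of the nested quotes altogether.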