Show Universal SSL's CAA records in DNS Management UI

prajaybasu · January 6, 2021, 2:35pm

Cloudflare automatically adds the required CAA records for Universal SSL right now (without showing them in the UI), but it might be a bit concerning for some users to see these unrecognized CAA records in other tools/sites.

As far as I know, the only place that mentions this automatic addition of CAA records is a help article Certification Authority Authorization (CAA) FAQ – Cloudflare Help Center

There needs to be an option to include records from Universal SSL in the “Advanced” selector in the management UI.

Related: Show automatically added records in the DNS list - Feedback / Usage & Design - Cloudflare Community

tobi · January 29, 2021, 10:00pm

@prajaybasu thank you for making this suggestion. We are aware of this issue and working internally to come up with a solution. At the moment, the best way to prevent this from happening is to disable the Universal SSL from the dashboard before pointing to Cloudflare’s nameserver for a new zone.

bgoewert · June 3, 2022, 8:32am

I don’t think the suggestion is to prevent anything. On the contrary, I think it’s good that CAA is added as a result of Universal SSL.

One solution, like the suggestion suggests, could be to add a view-only record that displays the CAA. Possibly even toggleable from the advanced options.

Or like this related comment suggests, list them in a new section below the rest of the records.

Topic		Replies	Views
Automatic CAA Records Missing? Security	4	2391	November 26, 2021
SSL Zetifikat DNS & Network	4	1405	January 3, 2023
CAA Improvement Suggestions Usage & Design dns , dash-ssl-tls	3	2235	October 24, 2018
No CAA records for Universal SSL? DNS & Network dash-ssl-tls	3	2266	April 24, 2019
CAA Record without adding it? DNS & Network	3	2125	July 21, 2020

Show Universal SSL's CAA records in DNS Management UI

Related topics