# Stupid Simple Security Trick: Add a DNS CAA Record

[RFC 8659](https://www.rfc-editor.org/rfc/rfc8659.html) gave us the DNS CAA record. In a nutshell, you add a record to your DNS, to prevent mis-issuance of TLS certificates for your domain.

Worried that someone on your team will create a wildcard for your domain without understanding the risk?
Worried that a CA will make a mistake an issue a certificate for you?
Got DNS?
You can solve this for free right now! And while you are at it, [join the preload list](https://www.agilicus.com/we-are-all-in-on-the-tls-the-hsts-preload/).

Watch, learn.

https://youtu.be/NjSLBIBz4Vw