What Are CERT Records?
CERT records are a type of DNS record used to store public key certificates and related data (e.g., certificate revocation information) directly within a domain's DNS. They enable systems to retrieve certificate information via DNS to support identity validation and secure communications.
Although far less common than other DNS record types, CERT records can publish certificate data such as X.509 certificates or PGP keys.
Key Aspects of CERT Records
Purpose
CERT records store certificate data in DNS, allowing applications to retrieve and use it for identity verification.
Security Function
Unlike records that define policy (e.g., CAA), CERT records contain actual certificate-related data that can be used in authentication processes.
Contents
A CERT record typically includes:
- Certificate type (e.g., X.509, PGP)
- Key tag
- Algorithm
- Certificate data (encoded)
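Those four fields map directly onto the record layout defined in RFC 4398: a 2-byte certificate type, a 2-byte key tag, a 1-byte algorithm number, and then the certificate or CRL bytes, written in zone files as "<type> <key tag> <algorithm> <base64 data>". The Python below is an added example, not code from this page, that parses both the wire and zone-file forms and runs the structural checks a consumer should make before trusting the payload; the sample record and its base64 value are constructed for the example and are not a real certificate.

```python
import base64
import struct
from dataclasses import dataclass

# Certificate type mnemonics from RFC 4398; unassigned values show as TYPEnnn
CERT_TYPES = {1: "PKIX", 2: "SPKI", 3: "PGP", 4: "IPKIX", 5: "ISPKI",
              6: "IPGP", 7: "ACPKIX", 8: "IACPKIX", 253: "URI", 254: "OID"}
TYPE_BY_NAME = {name: num for num, name in CERT_TYPES.items()}
# Constructed sample, not a real certificate: base64 of DER 30 03 02 01 05 (SEQUENCE{INTEGER 5})
SAMPLE = "PKIX 12345 8 MAMCAQU="

@dataclass
class CertRecord:
    cert_type: int   # 2-byte certificate type
    key_tag: int     # 2-byte key tag of the associated public key
    algorithm: int   # 1-byte algorithm number
    data: bytes      # certificate or CRL bytes exactly as carried on the wire
    @property
    def type_name(self) -> str:
        return CERT_TYPES.get(self.cert_type, f"TYPE{self.cert_type}")

def parse_wire(rdata: bytes) -> CertRecord:
    """Split CERT RDATA: 2-byte type, 2-byte key tag, 1-byte algorithm, data."""
    if len(rdata) < 5:
        raise ValueError("CERT RDATA is shorter than its 5-byte fixed header")
    cert_type, key_tag, algorithm = struct.unpack("!HHB", rdata[:5])
    return CertRecord(cert_type, key_tag, algorithm, rdata[5:])

def parse_presentation(text: str) -> CertRecord:
    """Parse zone-file form '<type> <key tag> <algorithm> <base64 data...>'.
    Type may be a mnemonic or a number; algorithm is taken as a number only."""
    fields = text.split()
    if len(fields) < 4:
        raise ValueError("expected: <type> <key tag> <algorithm> <base64 data>")
    cert_type = int(fields[0]) if fields[0].isdigit() else TYPE_BY_NAME[fields[0].upper()]
    # validate=True rejects stray characters instead of silently skipping them
    data = base64.b64decode("".join(fields[3:]), validate=True)
    return CertRecord(cert_type, int(fields[1]), int(fields[2]), data)

def sanity_issues(rec: CertRecord) -> list[str]:
    """Cheap structural checks a consumer can run before trusting the payload."""
    issues = []
    if not rec.data:
        return ["empty certificate data"]
    if rec.type_name == "PKIX" and rec.data[0] != 0x30:
        issues.append("PKIX data does not start with a DER SEQUENCE")
    if rec.type_name == "PGP" and not rec.data[0] & 0x80:
        issues.append("PGP data does not start with an OpenPGP packet tag")
    return issues
```

These checks only confirm that the payload is shaped like what the type field claims; the certificate itself still has to be validated through its own chain or web of trust before it is used for identity verification.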
Common Usage
- Publishing PGP public keys
- Supporting certain secure email or network authentication systems
- Experimental or niche certificate distribution via DNS
Compared to Other DNS Security Records
- CAA (Certificate Authority Authorization): Specifies which certificate authorities are allowed to issue SSL/TLS certificates for a domain.
- CERT: Stores actual certificate or key data in DNS.
- TXT: Commonly used for email authentication (SPF, DKIM, DMARC) and other verification purposes.
Note: CERT records are relatively uncommon in modern deployments, since most certificate distribution relies on the PKI itself rather than on DNS.
Use our free CERT Lookup to see a list of CERT DNS records per queried domain.