With a TLSA (TLS Authentication) record you can store the fingerprint of a TLS/SSL certificate in the DNS on your domain. It is commonly used for DANE.
TLSA records can only be trusted if DNSSEC is enabled on your domain. We are in the process of enabling DNSSEC for as many domains as possible. You can check if DNSSEC is enabled for your domain here: DNSKEY Lookup.
Create a TLSA record on your domain
- Log into the One.com control panel.
- Click DNS settings on the Advanced settings tile.
- Go to DNS records.
- Under create new record, click TLSA.
- Enter the following details:
  - Hostname: the port number, protocol, and host like this: _25._tcp.
  - Value: the certificate usage, selector, matching type, and certificate association data like this: 3 1 1 da92d453eed ... 8f09. Check the wiki article about DANE for more information.
  - Optionally enter a TTL, or leave it empty to default to 3600 seconds.
- Click Create record to save your settings.
Example: In the screenshot below we have added the TLSA record with the hostname _25._tcp.mail.one-example.guide and value 3 1 1 da92d453eed5c0aede4 ... 8f09. The TTL is left empty, which will make it default to 3600.
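A pre-flight check for the Hostname and Value fields described above, as an added example that is not One.com's code: it validates the owner name and the four value fields, and compares the association data with the DER bytes of a certificate or public key. The function names and the sample bytes are assumptions made for illustration; the field codes are the ones RFC 6698 defines for TLSA.

```python
import hashlib
import re

# Field codes defined for TLSA records in RFC 6698.
USAGES = {0: "PKIX-TA", 1: "PKIX-EE", 2: "DANE-TA", 3: "DANE-EE"}
SELECTORS = {0: "full certificate", 1: "SubjectPublicKeyInfo"}
DIGESTS = {1: hashlib.sha256, 2: hashlib.sha512}  # matching type 0 = raw bytes
OWNER_RE = re.compile(r"^_(\d{1,5})\._(tcp|udp|sctp)\.(.+)$")


def parse_owner(name):
    """Split '_25._tcp.mail.example' into (port, protocol, host)."""
    m = OWNER_RE.match(name.rstrip(".").lower())
    if not m or int(m.group(1)) > 65535:
        raise ValueError("expected _<port>._<protocol>.<host>")
    return int(m.group(1)), m.group(2), m.group(3)


def parse_value(value):
    """Validate 'usage selector matching-type data'; return the four fields."""
    parts = value.split()
    usage, selector, mtype = (int(p) for p in parts[:3])
    data = "".join(parts[3:]).lower()
    if usage not in USAGES or selector not in SELECTORS or mtype not in (0, 1, 2):
        raise ValueError("unknown usage, selector or matching type")
    if not re.fullmatch(r"(?:[0-9a-f]{2})+", data):
        raise ValueError("data must be an even number of hex digits")
    if mtype in DIGESTS and len(data) != 2 * DIGESTS[mtype]().digest_size:
        raise ValueError("data length does not fit the matching type")
    return usage, selector, mtype, data


def association_data(der_bytes, mtype):
    """Hex data for the DER bytes chosen by the selector (cert or SPKI)."""
    return der_bytes.hex() if mtype == 0 else DIGESTS[mtype](der_bytes).hexdigest()


def matches(value, der_bytes):
    """True if the record value pins exactly these DER bytes."""
    _, _, mtype, data = parse_value(value)
    return data == association_data(der_bytes, mtype)


# Constructed sample: placeholder bytes standing in for a DER-encoded public key.
SAMPLE_SPKI = b"constructed stand-in for SubjectPublicKeyInfo DER"
SAMPLE_VALUE = "3 1 1 " + association_data(SAMPLE_SPKI, 1)

if __name__ == "__main__":
    print(parse_owner("_25._tcp.mail.one-example.guide"), SAMPLE_VALUE)
```

A value that is abbreviated with "..." or cut short fails the length check, so the full digest has to be entered in the Value field.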