How do I create a TLSA record?

With a TLSA (TLS Authentication) record you can store the fingerprint of a TLS/SSL certificate in the DNS of your domain. It is commonly used for DANE.

TLSA records can only be trusted if DNSSEC is enabled on your domain. We are in the process of enabling DNSSEC for as many domains as possible. You can check if DNSSEC is enabled for your domain here: DNSKEY Lookup.

Create a TLSA record on your domain

  1. Log into the one.com Control Panel.
  2. Click DNS settings on the Advanced settings tile.
  3. Go to DNS records.
  4. Under create new record, click TLSA.
  5. Enter the following details:
    - Hostname: the port number, protocol, and host like this: _25._tcp.
    - Value: the certificate usage, selector, matching type, and certificate association data like this: 3 1 1 da92d453eed ... 8f09. Check the wiki article about DANE for more information.
    - Optionally enter a TTL, or leave it empty to default to 3600 seconds.
  6. Click Create record to save your settings.

Example: In the screenshot below we have added the TLSA record with the hostname _25._tcp.mail for one-example.net and value 3 1 1 da92d453eed5c0aede4 ... 8f09. The TTL is left empty, which will make it default to 3600.

dns-tlsa.png
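
An added example (not one.com's code) that computes the Value field from a DER-encoded certificate. In a value such as 3 1 1, RFC 6698 defines usage 3 as DANE-EE, selector 1 as the SubjectPublicKeyInfo and matching type 1 as SHA-256. The function names and the sample bytes are assumptions made for this illustration.

```python
import hashlib

def read_tlv(buf, off):
    """Return (tag, value_start, value_end) of the DER element at off."""
    tag, length, off = buf[off], buf[off + 1], off + 2
    if length & 0x80:                      # long form: low 7 bits count the length octets
        n = length & 0x7F
        length, off = int.from_bytes(buf[off:off + n], "big"), off + n
    if off + length > len(buf):
        raise ValueError("truncated DER")
    return tag, off, off + length

def spki_der(cert):
    """Slice the SubjectPublicKeyInfo element (selector 1) out of a DER certificate."""
    _, off, _ = read_tlv(cert, 0)          # Certificate ::= SEQUENCE
    _, off, _ = read_tlv(cert, off)        # tbsCertificate ::= SEQUENCE
    tag, _, end = read_tlv(cert, off)
    if tag == 0xA0:                        # optional explicit [0] version
        off = end
    for _ in range(5):                     # serialNumber, signature, issuer, validity, subject
        _, _, off = read_tlv(cert, off)
    tag, _, end = read_tlv(cert, off)
    if tag != 0x30:
        raise ValueError("SubjectPublicKeyInfo not found")
    return cert[off:end]

def tlsa_value(cert, usage=3, selector=1, mtype=1):
    """Build the Value field: usage, selector, matching type, association data."""
    if usage not in (0, 1, 2, 3) or selector not in (0, 1) or mtype not in (0, 1, 2):
        raise ValueError("field outside the ranges defined in RFC 6698")
    data = spki_der(cert) if selector == 1 else cert
    if mtype == 1:
        data = hashlib.sha256(data).digest()
    elif mtype == 2:
        data = hashlib.sha512(data).digest()
    return f"{usage} {selector} {mtype} {data.hex()}"

# Constructed sample: a DER skeleton shaped like a certificate, not a real one.
def _der(tag, body):
    return bytes([tag, len(body)]) + body  # short-form length, bodies under 128 bytes

SAMPLE_SPKI = _der(0x30, _der(0x30, b"\x06\x01\x2a") + _der(0x03, b"\x00constructed-key"))
_tbs = _der(0x30, _der(0xA0, b"\x02\x01\x02") + _der(0x02, b"\x01") + _der(0x30, b"") * 4
            + SAMPLE_SPKI)
SAMPLE_CERT = _der(0x30, _tbs + _der(0x30, b"") + _der(0x03, b"\x00"))

if __name__ == "__main__":
    print(tlsa_value(SAMPLE_CERT))         # paste the result into the Value field
```

For a real certificate, pass its DER bytes, for example the output of ssl.PEM_cert_to_DER_cert() from the Python standard library. Recompute and republish the record whenever the certificate's key changes, since a stale 3 1 1 value no longer matches.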

