TLSA
TLSA is a DNS resource record type defined for the DNS-based Authentication of Named Entities (DANE). It allows domain owners to publish bindings between a TLS service’s certificate and DNS records, enabling TLS authentication to be performed using DNSSEC-protected data rather than relying solely on the traditional public key infrastructure (PKI).
A TLSA record is stored in DNS and is typically associated with a specific TLS service name,
A TLSA record contains four fields: usage, selector, matching type, and data. The usage indicates how the
TLSA is intended to complement or, in some deployments, replace traditional certificate validation. It relies on
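The four fields named above (usage, selector, matching type, data) can be parsed and checked as in the following added example, which is not part of the original page. It assumes the record arrives in presentation format, uses the field values from RFC 6698 with the names from RFC 7218, and takes constructed byte strings in place of a real certificate and its SubjectPublicKeyInfo; DNSSEC validation and certificate chain checks are out of scope, and all function names are hypothetical.

```python
import hashlib
from typing import NamedTuple

# Field values from RFC 6698 (names from RFC 7218).
USAGES = {0: "PKIX-TA", 1: "PKIX-EE", 2: "DANE-TA", 3: "DANE-EE"}
SELECTORS = {0: "Cert", 1: "SPKI"}
MATCHERS = {0: None, 1: hashlib.sha256, 2: hashlib.sha512}
DIGEST_LEN = {1: 32, 2: 64}


class TLSA(NamedTuple):
    usage: int
    selector: int
    mtype: int
    data: bytes


def owner_name(host: str, port: int, proto: str = "tcp") -> str:
    """DNS name the TLSA record set is published under (_port._proto.host)."""
    return f"_{port}._{proto}.{host.rstrip('.')}."


def parse_tlsa(rdata: str) -> TLSA:
    """Parse presentation-format RDATA: 'usage selector mtype hex...'."""
    parts = rdata.split()
    if len(parts) < 4:
        raise ValueError("TLSA RDATA needs four fields")
    usage, selector, mtype = (int(p) for p in parts[:3])
    if usage not in USAGES or selector not in SELECTORS or mtype not in MATCHERS:
        raise ValueError("unsupported usage/selector/matching type")
    data = bytes.fromhex("".join(parts[3:]))  # hex may be split by whitespace
    if mtype in DIGEST_LEN and len(data) != DIGEST_LEN[mtype]:
        raise ValueError("digest length does not fit matching type")
    return TLSA(usage, selector, mtype, data)


def matches(rec: TLSA, cert_der: bytes, spki_der: bytes) -> bool:
    """Compare the record's data with the selected part of the certificate."""
    selected = cert_der if rec.selector == 0 else spki_der
    digest = MATCHERS[rec.mtype]
    return (digest(selected).digest() if digest else selected) == rec.data


# Constructed stand-ins for DER bytes; a real caller takes these from the
# certificate the server presented in the TLS handshake.
CERT_DER = b"constructed-certificate-der"
SPKI_DER = b"constructed-subject-public-key-info-der"
```

A match here only says the presented certificate or key agrees with the record's data; the answer carrying the record still has to be DNSSEC-validated before the result is trusted.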