Domain & DNS Check n°34 / 120

DANE / TLSA

DANE (DNS-based Authentication of Named Entities) with TLSA allows anchoring a server's TLS certificate directly in DNS, signed by DNSSEC. T…

Analyse my site for free
← All checks
How it works

How TheSiteFuse checks "DANE / TLSA"

DANE (DNS-based Authentication of Named Entities) with TLSA allows anchoring a server's TLS certificate directly in DNS, signed by DNSSEC. This means an attacker cannot substitute a certificate even if they compromise a certificate authority. The _443._tcp.domain TLSA record publishes the certificate hash.

Why it matters

Real-world impact of "DANE / TLSA"

DANE is an advanced protection against certificate authority compromise (as happened with DigiNotar in 2011). It's mainly used for email servers (SMTP) and requires DNSSEC to be effective. For websites, it remains uncommon but provides an additional security layer.

Does your site pass this check?

Run the free full audit (120 checks) and instantly discover what needs fixing.

Previous TLS-RPT (email TLS reports) Next Zone transfer protection (AXFR)

Other Domain & DNS checks

Valid A/AAAA record
Domain expiration
MX records
SPF record
Continue with Google
or