DNS | Low Priority | Pro

DANE/TLSA Records

DANE (DNS-based Authentication of Named Entities) uses TLSA DNS records to cryptographically bind TLS certificates to domain names via DNSSEC.

Why It Matters

DANE provides an alternative to the CA trust model: the domain owner publishes exactly which certificates are valid for the domain. A certificate issued by a compromised Certificate Authority does not match the published TLSA record, so DANE-validating clients reject it.

How We Check

We query for TLSA records at _443._tcp.{domain} using DNS-over-HTTPS and validate the record format including usage, selector, and matching type fields.
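
The format validation described above, as an added example (not SecScanner's own code). It checks the usage, selector and matching type fields against the values defined in RFC 6698 and checks that the digest length fits the matching type; the function name and the sample records are constructed for illustration.

```python
import re

# Field registries from RFC 6698 (TLSA) with the RFC 7218 acronyms.
USAGES = {0: "PKIX-TA", 1: "PKIX-EE", 2: "DANE-TA", 3: "DANE-EE"}
SELECTORS = {0: "Cert", 1: "SPKI"}
# matching type -> (acronym, digest length in bytes; None = full data, variable)
MATCHING = {0: ("Full", None), 1: ("SHA2-256", 32), 2: ("SHA2-512", 64)}


def validate_tlsa(rdata):
    """Return a list of format problems for one TLSA record; empty = well-formed."""
    parts = rdata.split()
    if len(parts) < 4:
        return ["expected 'usage selector matching-type data'"]
    try:
        usage, selector, mtype = (int(p) for p in parts[:3])
    except ValueError:
        return ["usage, selector and matching type must be integers"]
    problems = []
    if usage not in USAGES:
        problems.append(f"unknown certificate usage {usage}")
    if selector not in SELECTORS:
        problems.append(f"unknown selector {selector}")
    if mtype not in MATCHING:
        problems.append(f"unknown matching type {mtype}")
    # Zone files may split the association data into several hex chunks.
    data_hex = "".join(parts[3:])
    if not re.fullmatch(r"(?:[0-9A-Fa-f]{2})+", data_hex):
        problems.append("association data is not whole hex bytes")
    elif mtype in MATCHING and MATCHING[mtype][1] is not None:
        name, want = MATCHING[mtype]
        got = len(data_hex) // 2
        if got != want:
            problems.append(f"{name} digest must be {want} bytes, got {got}")
    return problems


# Constructed sample records (not real certificate digests).
SAMPLES = {
    "valid 3 1 1": "3 1 1 " + "ab" * 32,
    "split hex": "2 0 2 " + "cd" * 32 + " " + "cd" * 32,
    "sha1-sized": "3 1 1 " + "ab" * 20,
    "bad usage": "4 1 1 " + "ab" * 32,
}

if __name__ == "__main__":
    for label, rdata in SAMPLES.items():
        print(label, "->", validate_tlsa(rdata) or "ok")
```

A record that passes this check is only well-formed: it still has to be DNSSEC-signed and match the certificate the server actually presents.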

How to Fix

Enable DNSSEC for your domain first. Then add TLSA records: generate with 'tlsa --create --selector 1 --mtype 1 hostname'. Update records when certificates change.


© 2025-2026 SecScanner. All rights reserved.