The TLSA record is part of the DANE (DNS-based Authentication of Named Entities) specification, defined in. DANE is used to associate a TLS server certificate or public key with the domain name.
ℹ️ For more information, read RFC 6698 and the Wikipedia Article about DANE.
The form has the following fields:
• Service-Descriptor: The service descriptor defines the port and protocol the record is for, e.g. _443._tcp.mydomain.tld. for HTTPS.
• TLSA-Data: The TLSA data, consisting of the TLSA Certificate Usage, TLSA Selector and TLSA Matching Type, followed by the hash value of the combined public certificate and CA certificate. All values are separated by whitespace.
Example: 3 1 1 0328df5ceca8a1cd3ad47d8758db9051
• TTL: The time interval (in seconds) that this record may be cached before the source of the information should again be consulted. Zero values are interpreted to mean that the record can only be used for the transaction in progress, and should not be cached.
• Active: This defines whether this TLSA record is active or not.
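
A sanity check for the Service-Descriptor and TLSA-Data fields before they are saved, as an added example that is not part of the original documentation. The function and constant names are hypothetical, and the sample value is constructed from placeholder bytes rather than a real key.

```python
import hashlib
import re

USAGES = {0: "PKIX-TA", 1: "PKIX-EE", 2: "DANE-TA", 3: "DANE-EE"}
SELECTORS = {0: "full certificate", 1: "SubjectPublicKeyInfo"}
# Matching type -> digest length in hex characters (0 = exact data, any length).
DIGEST_HEX_LEN = {0: None, 1: 64, 2: 128}  # 1 = SHA-256, 2 = SHA-512
DESCRIPTOR_RE = re.compile(r"^_(\d{1,5})\._(tcp|udp|sctp)\.(.+)$")


def check_descriptor(descriptor):
    """Split '_443._tcp.mydomain.tld.' into (port, protocol, host)."""
    m = DESCRIPTOR_RE.match(descriptor.lower())
    if not m or not 0 < int(m.group(1)) <= 65535:
        raise ValueError(f"bad service descriptor: {descriptor!r}")
    return int(m.group(1)), m.group(2), m.group(3)


def check_tlsa_data(data):
    """Return a list of problems in a 'usage selector matching-type hash' string."""
    parts = data.split()
    if len(parts) < 4 or not all(p.isdecimal() for p in parts[:3]):
        return ["expected three integers followed by hex data"]
    usage, selector, mtype = (int(p) for p in parts[:3])
    digest = "".join(parts[3:])  # hex may itself be split by whitespace
    problems = []
    if usage not in USAGES:
        problems.append(f"unknown certificate usage {usage}")
    if selector not in SELECTORS:
        problems.append(f"unknown selector {selector}")
    if mtype not in DIGEST_HEX_LEN:
        problems.append(f"unknown matching type {mtype}")
    if not re.fullmatch(r"(?:[0-9a-fA-F]{2})+", digest):
        problems.append("association data is not whole hex bytes")
    elif DIGEST_HEX_LEN.get(mtype) and len(digest) != DIGEST_HEX_LEN[mtype]:
        problems.append(f"matching type {mtype} needs {DIGEST_HEX_LEN[mtype]} "
                        f"hex characters, got {len(digest)}")
    return problems


# Constructed sample: SHA-256 over placeholder bytes standing in for a real key.
SAMPLE = "3 1 1 " + hashlib.sha256(b"constructed sample SPKI").hexdigest()

if __name__ == "__main__":
    print(check_descriptor("_443._tcp.mydomain.tld."))
    for value in (SAMPLE, "3 1 1 0328df5ceca8a1cd3ad47d8758db9051"):
        print(value, "->", check_tlsa_data(value) or "ok")
```

The shortened value shown in the field description is reported by this check, because a matching type 1 (SHA-256) digest is 64 hex characters long; a record published with a truncated digest will not match the server's certificate during DANE validation.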