Support for TLSA / DANE proto

The DNSSEC KSK-rollover worked like a charm! :grin:
I vote for automatic TLSA-RR creation for Cloudflare certificates, too! :slight_smile:

Totally, any service that does auto-certs should do this. PKIX-EE entries would obviously be awesome.

Any new information out there about TLSA/DANE?

I already have DNSSEC fully implemented with Cloudflare (TLD, registrar, domain).

I have tried to add the TLSA record to my existing domain, but when checking from different tools, it’s not even recognized as added, or I am doing something wrong.

I have used the generator and tutorial here:


Moreover, tested with:

Thank you!