Support for TLSA / DANE proto

The DNSSEC KSK-rollover worked like a charm! :grin:
I vote for automatic TLSA-RR creation for Cloudflare certificates, too! :slight_smile:

totally any service that does auto-certs should do this. PKIX-EE entries would obviously be awesome.

Any new information out there about TLSA/DANE?

Already having fully implemented DNSSEC with CloudFlare (TLD, registrar, domain).

I have tired to add the TLSA record to my existing domain, but when checking from different tools, it’s not even recognized as added or I am doing something wrong.

I have used the generator and tutorial here:

  1. https://help.one.com/hc/en-us/articles/360000836177-How-do-I-create-a-TLSA-record-
  2. https://www.huque.com/bin/gen_tlsa

Moreover, tested with:
https://www.huque.com/bin/danecheck

Thank you!