Create TLSA record
Dynu gives you full control over all the DNS configurations for your domain names.
You can log onto the control panel to manage your DNS records.
To add a TLSA record in the control panel, you may follow these 3 steps.
Step 2
Go to
DNS Records
to add a TLSA record. The screenshot below shows how to add a TLSA record for dynu.biz.
The node name typically includes the port and protocol prefix, for example _443._tcp.
Node Name Enter the port and protocol prefix for the service, for example _443._tcp for HTTPS on port 443.
Type Choose "TLSA - Transport Level Security".
TTL How long the server should cache the information. The TTL is set in seconds, 60 is 1 minute, 1800 is 30 minutes.
Certificate Usage Specifies how the certificate should be verified. Use 0 for CA constraint, 1 for service certificate constraint, 2 for trust anchor, or 3 for domain-issued certificate.
Selector Specifies which part of the certificate is matched. Use 0 for the full certificate or 1 for the public key only.
Matching Type Specifies how the certificate data is presented. Use 0 for the full data, 1 for a SHA-256 hash, or 2 for a SHA-512 hash.
Certificate Data The certificate or public key data in hexadecimal format, or its hash depending on the Matching Type selected.
Step 3
Check if your TLSA record has gone into effect using the DNS Lookup tool. Enter _443._tcp.dynu.biz as Hostname, and choose "TLSA - TLS Certificate Association" as Type.
What is a TLSA record?
TLSA records hold Certificate Association data and are used to specify the keys used in a domain's TLS servers. By publishing certificate information in DNS, TLSA records allow clients to verify a server's TLS certificate without relying solely on certificate authorities. TLSA records can only be trusted if DNSSEC is enabled on your domain.How to add a TLSA record?
To add a TLSA record in the control panel, you may follow these 3 steps.
Step 2
Go to
DNS Records
to add a TLSA record. The screenshot below shows how to add a TLSA record for dynu.biz.
The node name typically includes the port and protocol prefix, for example _443._tcp.
Node Name Enter the port and protocol prefix for the service, for example _443._tcp for HTTPS on port 443.
Type Choose "TLSA - Transport Level Security".
TTL How long the server should cache the information. The TTL is set in seconds, 60 is 1 minute, 1800 is 30 minutes.
Certificate Usage Specifies how the certificate should be verified. Use 0 for CA constraint, 1 for service certificate constraint, 2 for trust anchor, or 3 for domain-issued certificate.
Selector Specifies which part of the certificate is matched. Use 0 for the full certificate or 1 for the public key only.
Matching Type Specifies how the certificate data is presented. Use 0 for the full data, 1 for a SHA-256 hash, or 2 for a SHA-512 hash.
Certificate Data The certificate or public key data in hexadecimal format, or its hash depending on the Matching Type selected.
Step 3
Check if your TLSA record has gone into effect using the DNS Lookup tool. Enter _443._tcp.dynu.biz as Hostname, and choose "TLSA - TLS Certificate Association" as Type.