Deploy360 10 October 2012

21 Sites You Can Use To Test DANE Support (DNSSEC + SSL/TLS)

By Dan YorkDirector, Internet Technology

Have you been working on an application that uses the new DANE protocol to combine the encryption of SSL/TLS with the strong integrity protection of DNSSEC? Have you been looking for a way to test your application with a variety of different test cases? If so, we’ve started compiling a list of sites that are currently publishing the TLSA records used by DANE. You can find the list at:

As you’ll see on that page, we currently have sites listed for the following protocols and situations:

  • HTTP – Valid TLSA Record With Valid CA-signed TLS Certificate
  • HTTP – Valid TLSA Record With Valid Self-signed TLS Certificate
  • HTTP – Valid TLSA Record With Invalid CA-signed TLS Certificate
  • HTTP – Invalid TLSA Record
  • HTTP – Valid TLSA Record With Invalid DNSSEC Signature
  • SMTP
  • XMPP/Jabber

If you are currently publishing TLSA records, please do let us know and we’ll be glad to add your site to the list. In these early days we’d like to make it as easy as possible for developers to find sites with which they can test their apps.

Thanks – and we’re looking forward to seeing the wide deployment of DANE enabling a much more secure Internet!

Disclaimer: Viewpoints expressed in this post are those of the author and may or may not reflect official Internet Society positions.

Related articles

Improving Technical Security 15 March 2019

DNS Privacy Frequently Asked Questions (FAQ)

We previously posted about how the DNS does not inherently employ any mechanisms to provide confidentiality for DNS transactions,...

Improving Technical Security 14 March 2019

Introduction to DNS Privacy

Almost every time we use an Internet application, it starts with a DNS (Domain Name System) transaction to map...

Improving Technical Security 13 March 2019

IPv6 Security for IPv4 Engineers

It is often argued that IPv4 practices should be forgotten when deploying IPv6, as after all IPv6 is a...