Donate
‹ Back
Domain Name System Security Extensions (DNSSEC) 4 October 2012

DANE Test Sites

The following sites support the DANE protocol by publishing TLSA records. If you are developing software that supports the DANE protocol, you can visit these sites to test your DANE support.  Note that we use the term “TLS certificate” here for what is commonly referred to as a “SSL certificate”.

Test sites verified on: November 10, 2014.  Thanks to Viktor Dukhovni for his testing.

Sites that provide tests for DANE records

 HTTP – Valid TLSA Record With Valid CA-signed TLS Certificate

The following two sites have valid TLSA records with valid CA-signed TLS certificates, but also include non-https content and so may generate additional errors:

The following sites use a valid CA-signed TLS certificate, but the CA is CAcert, a free CA that is not commonly configured in web browsers:

HTTP – Valid TLSA Record With Valid Self-signed TLS Certificate

HTTP – Valid TLSA Record With Invalid CA-signed TLS Certificate

HTTP – Invalid (Broken) TLSA Record With Valid Self-signed TLS Certificate

HTTP – Valid TLSA Record With Invalid DNSSEC Signature

SMTP

The following sites support using DANE for email by publishing TLSA records associated with MX records:

  • ietf.org
  • openssl.org
  • jhcloos.com
  • nlnetlabs.nl (for ports 25, 465, 587)
  • nlnet.nl (for ports 25, 465, 587)
  • spodhuis.org

XMPP / Jabber

The following sites support using DANE for TLS connections to their XMPP/Jabber server:

Adding More Sites

If you support DANE with your site and would like to add it to this list, please contact us. Eventually, of course, we would like to hope that DANE is so widely deployed that this list of test sites will no longer be needed.

‹ Back

Related resources

The DANE Protocol - DNS-Based Authentication of Named Entities
Domain Name System Security Extensions (DNSSEC)4 October 2012

The DANE Protocol – DNS-Based Authentication of Named Entities

If you connect to a website using a "secure" connection over TLS/SSL, how do you know you are using the correct...

Hash-slinger - a tool for creating TLSA records for the DANE protocol
Domain Name System Security Extensions (DNSSEC)30 November 2012

Hash-slinger – a tool for creating TLSA records for the DANE protocol

Hash-slinger is a package of tools created by Paul Wouters of RedHat to make it easy to create records for ...

DNSSEC Test Sites
Domain Name System Security Extensions (DNSSEC)13 June 2013

DNSSEC Test Sites

If you have a new application or service where you want to test how DNSSEC validation works, the sites listed...

Join the conversation with Internet Society members around the world