TLSA Validator
Extension Actions
Check TLSA records
TLSA Validator allows you to check the existence and validity of DNSSEC signed DNS records for domains. If a valid DNSSEC chain to the domain is found it will also check for the existence of TLSA records. TLSA records can store hashes of remote server TLS/SSL certificates. The authenticity of a TLS/SSL certificate for a domain name is verified by DANE protocol (RFC 6698). DNSSEC and TLSA validation results are displayer by using several icons. Additional explanatory texts are shown in the page’s address bar. Clicking on a given icon symbol reveals more detailed security information.
IMPORTANT! This add-on communicates with an external binary application through the native messaging interface. The binary application is required for correct working of the add-on. The binary can be downloaded from www.dnssec-validator.cz/pages/download.html#package. Keep in mind that the version of the binary and of the extension must match.
Latest reviews
- Farhan Islam
- The module had stopped working, and they had official announcement about this on there website. https://www.dnssec-validator.cz/
- Farhan Islam
- The module had stopped working, and they had official announcement about this on there website. https://www.dnssec-validator.cz/
- Andy Haubenschmid
- Thank you very much for this helpful security plugin. Simple shows if the domainname is secured by dnssec and if it is so, it checks if the site has a valid tlsa entry for the current address and corresponding certificate. Very easy to see, if the site could be trusted.
- Andy Haubenschmid
- Thank you very much for this helpful security plugin. Simple shows if the domainname is secured by dnssec and if it is so, it checks if the site has a valid tlsa entry for the current address and corresponding certificate. Very easy to see, if the site could be trusted.
- Thomas Bennek
- One of the best security tools! Please keep the support up!
- Thomas Bennek
- One of the best security tools! Please keep the support up!
- Joshua Cornutt
- Doesn't work in Chrome latest.
- Joshua Cornutt
- Doesn't work in Chrome latest.
- Andre Luiz Bellafronte Kutianski
- Dont WOrk any more, out of date
- Andre Luiz Bellafronte Kutianski
- Dont WOrk any more, out of date
- Gert Jan Zeilstra
- The DNSSEC works great but the real problem behind TLSA is that most hosting companies and DNS registrars don't support this. It is too new and not widely adopted. We asked our registrar and they told us that TLSA is being looked at but is not supported yet. Also our business hosting company has no support for this. At that point most website owners will abandon TLSA until it is supported. Yes, you can do it manually but that is not very simple and most people should not attempt this. This is the domain of skilled system administrators. Of course we will study it a bit more and see if we can get this working in the future.
- Gert Jan Zeilstra
- The DNSSEC works great but the real problem behind TLSA is that most hosting companies and DNS registrars don't support this. It is too new and not widely adopted. We asked our registrar and they told us that TLSA is being looked at but is not supported yet. Also our business hosting company has no support for this. At that point most website owners will abandon TLSA until it is supported. Yes, you can do it manually but that is not very simple and most people should not attempt this. This is the domain of skilled system administrators. Of course we will study it a bit more and see if we can get this working in the future.
- Ondřej Caletka
- Works perfectly with the latest Chrome or Chromium. Installation of the supporting binary is very simple.
- Ondřej Caletka
- Works perfectly with the latest Chrome or Chromium. Installation of the supporting binary is very simple.