Managing TLSA Records
You can manage TLSA records in DNSimple using the DNS record editor.
The instructions in this article assume you’re familiar with the TLSA record format and usage.
Note
TLSA records are only supported on the DNSimple name servers. We don’t support transferring TLSA records to secondary name servers.
Important
TLSA records provide security benefits only when used in conjunction with DNSSEC (DNS Security Extensions). Without DNSSEC, an attacker could modify TLSA records to point to their own certificates, negating the security benefits. Before adding TLSA records, ensure that DNSSEC is enabled for your domain.
Adding a TLSA record
To add a TLSA record
- Use the account switcher at the top right corner of the page to select the appropriate account.
- From the Domain Names list, click the domain you want to manage.
- On the domain page, click DNS at the top-right to open the Record Editor.
- In the record editor, click Add, and select TLSA to add a new TLSA record.
- Enter the TLSA record information.
  - Name: the service name and port you want to create the record for, following the format _port._protocol.hostname. For example, for HTTPS on port 443, you would enter _443._tcp. For SMTP on port 25, you would enter _25._tcp. Leave the hostname portion blank to represent the root domain, or specify a subdomain.
  - Usage: the usage field value (0-3) that indicates how the TLSA record should be used.
  - Selector: the selector field value (0-1) that specifies which part of the certificate to match.
  - Matching Type: the matching type field value (0-2) that defines how the certificate data is represented.
  - Certificate Association Data: the certificate data or hash value that should be matched.

  As with any other DNS record, you can configure:
  - TTL: the record time-to-live.
  - Respond From Regions: Configure Regional Records if desired.
  - Notes: Optionally include a record note.

  Once you’re ready, click to confirm and create the record.
- The record is created and visible in the record list.
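The Certificate Association Data must agree with the Selector and Matching Type entered alongside it, or validating clients will reject the certificate. The following Python is an added example, not DNSimple's code: it derives the data from a DER-encoded certificate using the RFC 6698 meanings (selector 0 = full certificate, 1 = SubjectPublicKeyInfo; matching type 0 = raw data, 1 = SHA-256, 2 = SHA-512). The function names, the minimal DER reader and the sample bytes are assumptions made for illustration.

```python
import hashlib

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) for the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, pos, pos + length

def extract_spki(cert_der):
    """Return the whole SubjectPublicKeyInfo element of an X.509 certificate."""
    _, start, _ = read_tlv(cert_der, 0)       # Certificate SEQUENCE
    _, pos, end = read_tlv(cert_der, start)   # tbsCertificate SEQUENCE
    tag, _, nxt = read_tlv(cert_der, pos)
    if tag == 0xA0:                           # optional explicit [0] version
        pos = nxt
    for _ in range(5):  # serial, signature algorithm, issuer, validity, subject
        _, _, pos = read_tlv(cert_der, pos)
    tag, _, spki_end = read_tlv(cert_der, pos)
    if tag != 0x30 or spki_end > end:
        raise ValueError("SubjectPublicKeyInfo not found")
    return cert_der[pos:spki_end]

def association_data(cert_der, selector, matching_type):
    if selector not in (0, 1) or matching_type not in (0, 1, 2):
        raise ValueError("selector must be 0-1 and matching type 0-2")
    data = cert_der if selector == 0 else extract_spki(cert_der)
    if matching_type == 0:
        return data.hex()                     # exact match: raw DER as hex
    algo = hashlib.sha256 if matching_type == 1 else hashlib.sha512
    return algo(data).hexdigest()

def tlsa_record(port, protocol, host, usage, selector, matching_type, cert_der):
    """Return (name, rdata) with rdata in 'usage selector type data' order."""
    if usage not in (0, 1, 2, 3):
        raise ValueError("usage must be 0-3")
    name = f"_{port}._{protocol}" + (f".{host}" if host else "")
    data = association_data(cert_der, selector, matching_type)
    return name, f"{usage} {selector} {matching_type} {data}"

def _tlv(tag, body=b""):  # short-form DER encoder, only for the sample below
    return bytes([tag, len(body)]) + body
# Constructed sample: a certificate-shaped DER skeleton, not a real certificate
SAMPLE_SPKI = _tlv(0x30, _tlv(0x30) + _tlv(0x03, b"\x00\x01\x02\x03"))
SAMPLE_TBS = _tlv(0x30, _tlv(0xA0, _tlv(0x02, b"\x02")) + _tlv(0x02, b"\x01") + _tlv(0x30) * 4 + SAMPLE_SPKI)
SAMPLE_CERT = _tlv(0x30, SAMPLE_TBS + _tlv(0x30) + _tlv(0x03, b"\x00"))
```

With a real certificate, pass its DER bytes as `cert_der`; an empty `host` yields the root-domain name form described above.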
Note
Some hosting providers label fields differently than DNSimple does, which can be confusing if you’re copying DNS settings from another provider.
- In DNSimple, Name = what others might call Host.
- In DNSimple, Content = what others might call Value.
Updating a TLSA record
To update a TLSA record
- Use the account switcher at the top right corner of the page to select the appropriate account.
- From the Domain Names list, click the domain you want to manage.
- On the domain page, click DNS at the top-right to open the Record Editor.
- Locate the TLSA record you want to update in the list.
- Click the edit icon (🖊️) at the end of the record row to edit it.
- Update the information and click Update Record to save the record.
Removing a TLSA record
To remove a TLSA record
- Use the account switcher at the top right corner of the page to select the appropriate account.
- From the Domain Names list, click the domain you want to manage.
- On the domain page, click DNS at the top-right to open the Record Editor.
- Locate the TLSA record you want to remove in the list.
- Click the trash icon at the end of the row to delete it.
- Confirm the dialog to delete the record.
Have more questions?
If you have additional questions or need any assistance with your TLSA records, just contact support, and we’ll be happy to help.