Questions tagged [dane]

DNS-based Authentication of Named Entities (DANE) is a protocol to allow X.509 certificates, commonly used for Transport Layer Security (TLS), to be bound to DNS names using Domain Name System Security Extensions (DNSSEC).

7 questions
6 votes, 1 answer

How to use DANE with Java?

How can I write an X509TrustManager in Java that uses DANE (DNS-based Authentication of Named Entities)? Are there any samples or a library? Or does Java have built-in support for DANE?
Horcrux7
3 votes, 0 answers

What is the correct TLSA record for the QUIC protocol?

As QUIC is based on UDP, is the following entry correct? _443._udp.example.com. 300 IN TLSA 1 0 1 HASH...
David Sardari
2 votes, 0 answers

dane (TLSA) validation java

I need to validate the DANE certificate from random websites. I have tried https://www.bouncycastle.org/java.html (The Bouncy Castle Crypto APIs for Java) and there is an example that goes near to what I need:…
1 vote, 2 answers

How to list all DNS records including DANE TLSA

I would like to list all/any DNS records including the DANE TLSA. With dig mailbox.org ANY I get all records including DNSSEC etc. but nothing about DANE. Why? With dig _443._tcp.mailbox.org. ANY I get the DANE TLSA records. I've read the…
FelixF
0 votes, 0 answers

What's the proper way to validate a (possible) self signed cert with DANE?

In a nutshell, DANE means: check the SSL certificate fingerprint against a DNS record. What I'd like to do is: in a HTTPS request: Check the regular SSL cert; If ok, done! if it's a self signed cert (or failed to validate for any other reason)…
Falci
0 votes, 0 answers

How to interpret SSLPolicyErrors for validating Https Requests with DANE

I'm currently working on a project where I need to validate Https Requests based on known TLSA records. The steps are: I perform a DNS lookup and obtain all TLSA records of the domain; I perform the Https request and use the…
der Bomber
0 votes, 1 answer

How add TLSA RR in Windows server 2016 DNS zone

I am going to implement the DANE protocol on Windows Server 2016. I configured DNS and Active Directory. Now I want to generate a self-signed certificate for my domain and generate a TLSA record, and I want to add the TLSA record in DNS.
Milind Sutar