TLSA/DANE Lookup API — DNS Certificate Pinning

Description

Query TLSA DNS records used by DANE (DNS-based Authentication of Named Entities) to pin TLS certificates to DNS. Verify that DANE is correctly configured for certificate validation without relying solely on Certificate Authorities.

Use Cases

Verify DANE/TLSA configuration for mail servers
Audit TLS certificate pinning via DNS
Check DANE support for email encryption (SMTP DANE)
Validate TLSA record parameters (usage, selector, matching type)

Parameters

Name	Type	Required	Description
`domain`	string	Yes	Domain name to look up
`port`	integer	No	Port number. Default: 443
`format`	string	No	Response format: json or markdown

Example Request

bash

curl -H 'X-API-Key: YOUR_KEY' \
  'https://api.example.com/dns/tlsa?domain=example.com&port=25'

python

import httpx

resp = httpx.get(
    "https://api.example.com/dns/tlsa?domain=example.com&port=25",
    headers={"X-API-Key": "YOUR_KEY"},
)
print(resp.json())

javascript

const resp = await fetch("https://api.example.com/dns/tlsa?domain=example.com&port=25", {
  headers: { "X-API-Key": "YOUR_KEY" },
});
const data = await resp.json();
console.log(data);

Example Response

json

{
  "domain": "_25._tcp.example.com",
  "records": [
    {"usage": 3, "selector": 1, "matching_type": 1, "certificate_data": "abc123..."}
  ],
  "has_tlsa": true
}

TLSA/DANE Lookup

Description

Use Cases

Parameters

Related Tools in DNS

DNS Propagation Checker

DNS Lookup

DNS Lookup All

Bulk DNS Lookup

Compare DNS Resolvers

DNS-over-HTTPS Test