DNSSEC/TLSA Validator allows you to check the existence and validity of DNS Security Extensions (DNSSEC
) signed records. If a valid DNSSEC chain related to the domain is found the plug-in will also check for the existence of Transport Layer Security Association (TLSA) records. TLSA records store hashes of remote server TLS/SSL certificates. The authenticity of a TLS/SSL certificate for a domain name is verified by the DANE
protocol (RFC 6698). DNSSEC and TLSA validation results are displayer by using several icons. Clicking on a given icon symbol reveals more detailed information.
DNSSEC/TLSA Validator uses external libraries to resolve and validate DNSSEC/TLSA signatures and to verify HTTPS server certificates. More info is available on the www.dnssec-validator.cz
page.RECOMMENDATION: If you are still using DNSSEC Validator 1.1.5 then you should manually uninstall the old version and restart the browser before installing version 2.x. into Firefox
. If you don't do that the new version 2.x will most likely cause crashes of the plug-in core.WARNING:
Please note that this is a security extension that relies on properly working DNS resolvers. The browser can be slowed down with blocking calls when resolving DNSSEC/TLSA records. This takes a long time on broken resolvers.