retrieve TLSA record also if it is not secured by DNSSEC

Paul Wouters paul at
Wed Feb 12 19:57:22 UTC 2020

On Wed, 12 Feb 2020, Elmar Stellnberger via Unbound-users wrote:

> hash-slinger's "tlsa" command? I have never heard of it. I just have the 
> libunbound library here. I do not even have the unbound-host executable here 
> which you mentioned in my previous mail.

> The atea tool I am already offering for download is something like a light 
> weight curl or wget for https/DANE without html support. It can be used to 
> download files though.

Oh I see. That is different then. The tlsa command is used to generate
or verify certificates with their DNSSEC TLSA record entries. It
supports both websites and mailservers.

A tool that adds curl/wget support for TLSA is cool. although cooler
would be if curl/wget get native support of course :) Maybe Viktor
knows more about curl with openssl/tlsa support?


More information about the Unbound-users mailing list