TLSA lookup

TLSA records can be configured by the owner of a domain name. They are used to store information in the DNS, which can be looked up by anyone. Each record type has a different purpose.

TLSA records are configured in DNS. But how can you look up these TLSA records? That depends on the operating system you are using. Windows, Linux and Mac all have a different way of finding TLSA records. The sections below contain instructions for each operating system.

How to lookup TLSA records on Windows

The TLSA record type cannot be looked up in Windows. Neither nslookup, nor Powershell's Resolve-DnsName has support for it. You can either install WSL and follow the Linux instructions below, or use an online TLSA lookup tool like the one on the top of this page.

How to lookup TLSA records on Mac OS

To check the TLSA records for a certain domain name on a Mac, follow these steps:

1. Open a terminal by entering [command] + [space] → 'terminal.app' → [enter].
2. Type dig example.com tlsa and hit [enter] to get the TLSA records for example.com.
3. The TLSA records are listed below the ANSWER SECTION heading.

How to lookup TLSA records on Linux

To check the TLSA records for a certain domain name on Linux, follow these steps:

1. Open a terminal by entering [Super] → 'terminal' → [enter].
2. Type dig example.com tlsa and hit [enter] to get the TLSA records for example.com.
3. The TLSA records are listed below the ANSWER SECTION heading.

How to find TLSA records

To check the TLSA records of a domain, follow these steps:

1. Open the TLSA lookup tool.
2. Enter the domain name and hit [enter].
3. The tool will query the TLSA records and shown them at the top of the page.

How to lookup other record types

There are other types of DNS records then just TLSA. The most commonly used DNS record types are A, AAAA, CNAME, NS, TXT, MX and SOA. If you'd like to look up all records of these record types, you can do so with nslookup. Click any of the record types below to find DNS records for that specific record type.

• A lookup — IPv4 address
• AAAA lookup — IPv6 address
• AFSDB lookup — AFS database location
• APL lookup — Address prefix list
• AXFR lookup — Authoritative zone transfer
• CAA lookup — Certification authority authorization
• CDNSKEY lookup — Child copy of a DNSKEY
• CDS lookup — Child copy of DS
• CERT lookup — Cryptographic certificate
• CNAME lookup — Canonical name
• CSYNC lookup — Child-to-parent synchronization
• DHCID lookup — DHCP identifier
• DLV lookup — DNSSEC lookaside validation
• DNAME lookup — Delegation name
• DNSKEY lookup — Cryptographic key for DNSSEC
• DS lookup — Delegation signer
• EUI48 lookup — MAC address (EUI-48)
• EUI64 lookup — Mac address (EUI-64)
• HINFO lookup — Host information
• HIP lookup — Host identification protocol
• HTTPS lookup — HTTPS binding
• IPSECKEY lookup — Cryptographic key for IPsec
• IXFR lookup — Incremental zone transfer
• KEY lookup — Cryptographic key for DNSSEC (obsoleted by DNSKEY)
• KX lookup — Key exchange
• LOC lookup — Geographical location
• MX lookup — Mail exchange
• NAPTR lookup — Naming authority pointer
• NS lookup — Name server
• NSEC3 lookup — Next secure (version 3)
• NSEC3PARAM lookup — Parameter for NSEC3
• NSEC lookup — Next secure (obsoleted by NSEC3)
• NXT lookup — DNSSEC key (obsoleted by NSEC)
• OPENPGPKEY lookup — Public key for OpenPGP
• OPT lookup — EDNS option
• PTR lookup — Canonical name pointer
• RP lookup — Responsible person
• RRSIG lookup — Resource record signature for DNSSEC
• SIG lookup — Resource record signature for DNSSEC (obsoleted by RRSIG)
• SMIMEA lookup — S/MIME association
• SOA lookup — Start of authority
• SPF lookup — Sender Policy Framework
• SSHFP lookup — Public key fingerprint for SSH
• SVCB lookup — Service binding
• SRV lookup — Service locator
• TA lookup — Trust authority for DNSSEC
• TKEY lookup — Transaction key
• TSIG lookup — Transaction signature
• TXT lookup — Human-readable text
• URI lookup — Uniform resource identifier
• ZONEMD lookup — Message digest for DNS zones