The TLS Authentication record (TLSA) is used to associate a TLS server certificate or public key with the domain name where the record is found. With a TLSA record, you can store the fingerprint of a TLS/SSL certificate in the DNS of your domain.
TLSA records can only be trusted if DNSSEC is enabled on your domain.
TLSA record has the following components:
The TLSA Record has the following look in your DNS zone management page:
|_port._protocol.host.domain.com||TLSA||0 0 0 00000000000000000000000||1 Hour|
How to add it?
Go to your DNS zone management page and click on “Add new record”. For "Type" choose "TLSA" and type as follows:
*This hostname is used as an example.