DNSSEC DANE Protocol

With the global emergence of DNSSEC in recent years, a new protocol called DANE (DNS-Based Authentication of Named Entities) is a way of to authenticate TLS client and server sessions without the need of a Certificate Authority. The need of using a DANE record has become more popular in recent years due to security breaches of a few Certificate Authorities, which caused SSL certificates to be issued to non-domain owners for the specified domain.

In November of 2015, Cloudflare announced that any customer can secure their traffic with DNSSEC. A number of customers have written in asking about when the DANE protocol will also become available. Presently, none of the major browsers have adopted DANE. We are currently in works with several different browsers about implementing this in the future, however there is no ETA on when this will become available. You can follow our blog through the link below for any updates on the availability of DANE through Cloudflare.

Still not finding what you need?

The CloudFlare team is here to help. 95% of questions can be answered using the search tool, but if you can’t find what you need, submit a support request.

Powered by Zendesk