https://www.pistack.xyz/tags/dane/ Recent content in Dane on Pi Stack Hugo en-us Thu, 21 May 2026 00:00:00 +0000 https://www.pistack.xyz/posts/2026-05-21-self-hosted-dns-tlsa-dane-management-hash-slinger-ldns-knot-guide/ Thu, 21 May 2026 00:00:00 +0000 https://www.pistack.xyz/posts/2026-05-21-self-hosted-dns-tlsa-dane-management-hash-slinger-ldns-knot-guide/ <p>DANE (DNS-based Authentication of Named Entities) is a protocol that uses DNSSEC-secured TLSA records to associate TLS certificates with domain names. Instead of relying solely on certificate authorities (CAs) for trust validation, DANE allows domain owners to publish certificate fingerprints directly in DNS. This eliminates the risk of rogue CA-issued certificates and gives administrators complete control over TLS trust chains. In this guide, we compare three open-source tools for managing TLSA records and DANE validation: hash-slinger, ldns (with ldns-dane), and Knot DNS.</p>