record:tlsa : DNS TLSA record object.

The TLSA DNS resource record (RR) is used to associate a TLS server certificate or public key with the domain name where the record is found, thus forming a ‘TLSA certificate association’. For further details see RFC-6698. Note that you must specify only one view for the attribute ‘views’.

Object Reference

References to record:tlsa are object references. The name part of a TLSA record object reference has the following components:

  • Name of the record
  • Name of the view

Example: record:tlsa/ZG5zLmhvc3RjkuMC4xLg:9.9.0.1/some.name.com/default

Fields

These fields are actual members of the object; thus, they can be requested by using _return_fields, if the fields are readable.

The basic version of the object contains the field(s): name, view.

The following fields are required to create this object:

Field Notes
certificate_data  
name  

certificate_data

certificate_data

Hex dump of either raw data for matching type 0, or the hash of the raw data for matching types 1 and 2.

Type

String.

Create

The field is required on creation.

Search

The field is not available for search.

certificate_usage

certificate_usage

Specifies the provided association that will be used to match the certificate presented in the TLS handshake. Based on RFC-6698.

Type

Unsigned integer.

Create

The default value is 0.

Search

The field is not available for search.

cloud_info

cloud_info

Structure containing all cloud API related information for this object.

Type

A/An Cloud Information struct.

Search

The field is not available for search.

Notes

The cloud_info cannot be updated.

cloud_info cannot be written.

comment

comment

Comment for the record; maximum 256 characters.

Type

String.

Values with leading or trailing white space are not valid for this field.

Create

The default value is empty.

Search

The field is available for search via

  • ‘:=’ (case insensitive search)
  • ‘=’ (exact equality)
  • ‘~=’ (regular expression)

creator

creator

The record creator. Note that changing creator from or to ‘SYSTEM’ value is not allowed.

Type

String.

Valid values are:
  • DYNAMIC
  • STATIC
  • SYSTEM

Create

The default value is STATIC.

Search

The field is available for search via

  • ‘=’ (exact equality)

disable

disable

Determines if the record is disabled or not. False means that the record is enabled.

Type

Bool.

Create

The default value is False.

Search

The field is not available for search.

dns_name

dns_name

The name of the TLSA record in punycode format.

Type

String.

Values with leading or trailing white space are not valid for this field.

Search

The field is not available for search.

Notes

The dns_name cannot be updated.

dns_name cannot be written.

extattrs

extattrs

Extensible attributes associated with the object.

For valid values for extensible attributes, see the following information.

Type

Extensible attributes.

This field allows +/- to be specified as part of the field name when updating the object, see the following information.

Create

The default value is empty.

Search

For how to search extensible attributes, see the following information.

last_queried

last_queried

The time of the last DNS query in Epoch seconds format.

Type

Timestamp.

Search

The field is not available for search.

Notes

The last_queried cannot be updated.

last_queried cannot be written.

matched_type

matched_type

Specifies how the certificate association is presented. Based on RFC-6698.

Type

Unsigned integer.

Create

The default value is 0.

Search

The field is not available for search.

name

name

The TLSA record name in FQDN format. This value can be in unicode format.

Type

String.

Values with leading or trailing white space are not valid for this field.

Create

The field is required on creation.

Search

The field is available for search via

  • ‘:=’ (case insensitive search)
  • ‘=’ (exact equality)
  • ‘~=’ (regular expression)

Notes

The name is part of the base object.

selector

selector

Specifies which part of the TLS certificate presented by the server will be matched against the association data. Based on RFC-6698.

Type

Unsigned integer.

Create

The default value is 0.

Search

The field is not available for search.

ttl

ttl

The Time to Live (TTL) value for the record. A 32-bit unsigned integer that represents the duration, in seconds, for which the record is valid (cached). Zero indicates that the record should not be cached.

Type

Unsigned integer.

Create

The default value is empty.

Search

The field is not available for search.

Notes

ttl is associated with the field use_ttl (see use flag).

use_ttl

use_ttl

Use flag for: ttl

Type

Bool.

Create

The default value is False.

Search

The field is not available for search.

view

view

The name of the DNS view in which the record resides. Example: “external”.

Type

String.

Values with leading or trailing white space are not valid for this field.

Create

The default value is The default DNS view.

Search

The field is available for search via

  • ‘=’ (exact equality)

Notes

The view is part of the base object.

zone

zone

The name of the zone in which the record resides. Example: “zone.com”. If a view is not specified when searching by zone, the default view is used.

Type

String.

Values with leading or trailing white space are not valid for this field.

Search

The field is available for search via

  • ‘=’ (exact equality)

Notes

The zone cannot be updated.

zone cannot be written.

Fields List

Field Type Req R/O Base Search
certificate_data String Y N N N/A
certificate_usage Unsigned int N N N N/A
cloud_info struct N Y N N/A
comment String N N N : = ~
creator String N N N =
disable Bool N N N N/A
dns_name String N Y N N/A
extattrs Extattr N N N ext
last_queried Timestamp N Y N N/A
matched_type Unsigned int N N N N/A
name String Y N Y : = ~
selector Unsigned int N N N N/A
ttl Unsigned int N N N N/A
use_ttl Bool N N N N/A
view String N N Y =
zone String N Y N =