|Feature overview=This feature performs domain validation in TLS sessions by using DNSSEC chains.
|Feature users and use cases=Server administrators can put key/certificate information in DNS records they control (e.g. TLSA records). This information is verifiable through DNSSEC. The browser can then use this in place of or alongside certificate chain validation.