Unlike other similar implementations DNSSEC/DANE Validator will not query any arbitrary 3rd party API services but simply uses DNS over HTTPS.

You can use any DoH server supporting DNSSEC, either one of the preconfigured or any custom server, including your own.

Also validates DANE as long as a) at least one TLSA record is present and b) the record(s) are DNSSEC secured.

DNSSEC/DANE status is displayed in the address bar along with a popup containing further info (not available on Android)

Possible statuses:
White open lock: Not tested, host is either local or hidden service
Yellow open lock: Host doesn't support DNSSEC
Red open lock: DNSSEC is invalid
Orange unlocked lock: Host is DNSSEC secured but DANE failed
Green closed lock: Host is DNSSEC secured
Green key: Host is DNSSEC secured and DANE valid (DANE status is displayed in the popup including usage and issuer common name)

Display a notification or block requests to domains which fail DNSSEC/DANE validation and furthermore block any domain which doesn't support DNSSEC (which will probably break most of the internet)

DoHjs by BYU Internet Measurement and Anti-Abuse Lab (https://github.com/byu-imaal/dohjs/blob/master/LICENSE)
PKI.js by Peculiar Ventures (https://github.com/PeculiarVentures/PKI.js/blob/master/LICENSE)
Icons by Font Awesome (https://fontawesome.com/license)

Install

• License: GNU General Public License v3.0 or later
• Weekly downloads: 11
• Average daily users: 236
• Rating: 4.2222/5 of 9 ratings
• Created: 2021-04-07 07:19:43
• Last updated: 2021-12-23 06:26:11
• Homepage:
• Support site and email
• Orig: https://addons.mozilla.org/en-US/firefox/addon/dnssec-dane-validator/
• API: dnssec-dane-validator@defkev