{"id":15550,"date":"2026-04-13T17:32:53","date_gmt":"2026-04-13T14:32:53","guid":{"rendered":"https:\/\/www.ihs.com.tr\/blog\/?p=15550"},"modified":"2026-04-13T17:32:53","modified_gmt":"2026-04-13T14:32:53","slug":"tlsa-kaydi-nedir","status":"publish","type":"post","link":"https:\/\/www.ihs.com.tr\/blog\/tlsa-kaydi-nedir\/","title":{"rendered":"TLSA Kayd\u0131 Nedir? Sunucunun Hangi TLS Sertifikas\u0131n\u0131 Bekledi\u011fini Taray\u0131c\u0131ya Bildirme"},"content":{"rendered":"<p>\u0130nternet \u00fczerindeki ileti\u015fimin g\u00fcvenli\u011fi, dijital d\u00fcnyan\u0131n temel ta\u015flar\u0131ndan biridir. Kullan\u0131c\u0131lar ve sunucular aras\u0131ndaki veri ak\u0131\u015f\u0131n\u0131 \u015fifreleyerek koruyan TLS (Transport Layer Security) protokol\u00fc, bu g\u00fcvenli\u011fin merkezinde yer al\u0131r. Geleneksel olarak bu g\u00fcvenlik, Sertifika Otoriteleri (CA) taraf\u0131ndan verilen SSL sertifikalar\u0131na dayan\u0131r. Ancak bu model, tek bir CA&#8217;n\u0131n g\u00fcvenlik ihlali ya\u015famas\u0131 gibi durumlarda t\u00fcm sistemi riske atabilecek zay\u0131fl\u0131klara sahiptir. \u0130\u015fte bu noktada, g\u00fcvenli\u011fi bir ad\u0131m \u00f6teye ta\u015f\u0131yan ve sunucunun hangi TLS sertifikas\u0131n\u0131 kullanmas\u0131 gerekti\u011fini DNS arac\u0131l\u0131\u011f\u0131yla do\u011frulayan TLSA kay\u0131tlar\u0131 devreye girer. TLSA, sertifika sahtekarl\u0131\u011f\u0131na ve ortadaki adam sald\u0131r\u0131lar\u0131na kar\u015f\u0131 g\u00fc\u00e7l\u00fc bir savunma mekanizmas\u0131 sunarak web g\u00fcvenli\u011finde yeni bir sayfa a\u00e7ar.<\/p>\n<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_77 counter-hierarchy ez-toc-counter ez-toc-grey ez-toc-container-direction\">\n<p class=\"ez-toc-title\" style=\"cursor:inherit\">\u0130\u00e7erik Tablosu<\/p>\n<label for=\"ez-toc-cssicon-toggle-item-69dd3fd485a92\" class=\"ez-toc-cssicon-toggle-label\"><span class=\"\"><span class=\"eztoc-hide\" style=\"display:none;\">Toggle<\/span><span class=\"ez-toc-icon-toggle-span\"><svg style=\"fill: #999;color:#999\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" class=\"list-377408\" width=\"20px\" height=\"20px\" viewBox=\"0 0 24 24\" fill=\"none\"><path d=\"M6 6H4v2h2V6zm14 0H8v2h12V6zM4 11h2v2H4v-2zm16 0H8v2h12v-2zM4 16h2v2H4v-2zm16 0H8v2h12v-2z\" fill=\"currentColor\"><\/path><\/svg><svg style=\"fill: #999;color:#999\" class=\"arrow-unsorted-368013\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"10px\" height=\"10px\" viewBox=\"0 0 24 24\" version=\"1.2\" baseProfile=\"tiny\"><path d=\"M18.2 9.3l-6.2-6.3-6.2 6.3c-.2.2-.3.4-.3.7s.1.5.3.7c.2.2.4.3.7.3h11c.3 0 .5-.1.7-.3.2-.2.3-.5.3-.7s-.1-.5-.3-.7zM5.8 14.7l6.2 6.3 6.2-6.3c.2-.2.3-.5.3-.7s-.1-.5-.3-.7c-.2-.2-.4-.3-.7-.3h-11c-.3 0-.5.1-.7.3-.2.2-.3.5-.3.7s.1.5.3.7z\"\/><\/svg><\/span><\/span><\/label><input type=\"checkbox\" id=\"ez-toc-cssicon-toggle-item-69dd3fd485a92\" aria-label=\"Toggle\" \/><nav><ul class='ez-toc-list ez-toc-list-level-1 ' ><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/www.ihs.com.tr\/blog\/tlsa-kaydi-nedir\/#Geleneksel-TLS-Guven-Modelinin-Temelleri-ve-Sinirliliklari\" >Geleneksel TLS G\u00fcven Modelinin Temelleri ve S\u0131n\u0131rl\u0131l\u0131klar\u0131<\/a><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-2\" href=\"https:\/\/www.ihs.com.tr\/blog\/tlsa-kaydi-nedir\/#TLSSSL-Sertifikalari-ve-Sertifika-Otoriteleri-CA-Nasil-Calisir\" >TLS\/SSL Sertifikalar\u0131 ve Sertifika Otoriteleri (CA) Nas\u0131l \u00c7al\u0131\u015f\u0131r?<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-3\" href=\"https:\/\/www.ihs.com.tr\/blog\/tlsa-kaydi-nedir\/#Guven-Zincirindeki-Potansiyel-Zafiyetler-Hatali-veya-Sahte-Sertifikalar\" >G\u00fcven Zincirindeki Potansiyel Zafiyetler: Hatal\u0131 veya Sahte Sertifikalar<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-4\" href=\"https:\/\/www.ihs.com.tr\/blog\/tlsa-kaydi-nedir\/#Man-in-the-Middle-Ortadaki-Adam-Saldirilari-ve-Geleneksel-Yontemlerin-Yetersizligi\" >Man-in-the-Middle (Ortadaki Adam) Sald\u0131r\u0131lar\u0131 ve Geleneksel Y\u00f6ntemlerin Yetersizli\u011fi<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-5\" href=\"https:\/\/www.ihs.com.tr\/blog\/tlsa-kaydi-nedir\/#TLSA-Kaydi-Nedir-ve-Hangi-Ihtiyaci-Karsilar\" >TLSA Kayd\u0131 Nedir ve Hangi \u0130htiyac\u0131 Kar\u015f\u0131lar?<\/a><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-6\" href=\"https:\/\/www.ihs.com.tr\/blog\/tlsa-kaydi-nedir\/#TLSA-Kaydinin-Temel-Amaci-Sertifika-Dogrulamasini-DNSe-Tasima\" >TLSA Kayd\u0131n\u0131n Temel Amac\u0131: Sertifika Do\u011frulamas\u0131n\u0131 DNS&#8217;e Ta\u015f\u0131ma<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-7\" href=\"https:\/\/www.ihs.com.tr\/blog\/tlsa-kaydi-nedir\/#DANE-DNS-based-Authentication-of-Named-Entities-Protokolune-Giris\" >DANE (DNS-based Authentication of Named Entities) Protokol\u00fcne Giri\u015f<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-8\" href=\"https:\/\/www.ihs.com.tr\/blog\/tlsa-kaydi-nedir\/#DNSSECin-Rolu-TLSA-Kayitlarinin-Butunlugunu-ve-Guvenligini-Saglama\" >DNSSEC&#8217;in Rol\u00fc: TLSA Kay\u0131tlar\u0131n\u0131n B\u00fct\u00fcnl\u00fc\u011f\u00fcn\u00fc ve G\u00fcvenli\u011fini Sa\u011flama<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-9\" href=\"https:\/\/www.ihs.com.tr\/blog\/tlsa-kaydi-nedir\/#TLSA-Kaydinin-Yapisi-ve-Bilesenleri\" >TLSA Kayd\u0131n\u0131n Yap\u0131s\u0131 ve Bile\u015fenleri<\/a><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-10\" href=\"https:\/\/www.ihs.com.tr\/blog\/tlsa-kaydi-nedir\/#Sertifika-Kullanim-Alani-Certificate-Usage-Dogrulama-Politikasini-Belirleme\" >Sertifika Kullan\u0131m Alan\u0131 (Certificate Usage): Do\u011frulama Politikas\u0131n\u0131 Belirleme<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-11\" href=\"https:\/\/www.ihs.com.tr\/blog\/tlsa-kaydi-nedir\/#Secici-Alani-Selector-Sertifikanin-Hangi-Bolumunun-Eslestirilecegini-Belirtme\" >Se\u00e7ici Alan\u0131 (Selector): Sertifikan\u0131n Hangi B\u00f6l\u00fcm\u00fcn\u00fcn E\u015fle\u015ftirilece\u011fini Belirtme<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-12\" href=\"https:\/\/www.ihs.com.tr\/blog\/tlsa-kaydi-nedir\/#Eslestirme-Turu-Alani-Matching-Type-Hash-Algoritmasini-Tanimlama\" >E\u015fle\u015ftirme T\u00fcr\u00fc Alan\u0131 (Matching Type): Hash Algoritmas\u0131n\u0131 Tan\u0131mlama<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-13\" href=\"https:\/\/www.ihs.com.tr\/blog\/tlsa-kaydi-nedir\/#Sertifika-Iliskilendirme-Verisi-Certificate-Association-Data-Sertifikanin-Hash-Degeri\" >Sertifika \u0130li\u015fkilendirme Verisi (Certificate Association Data): Sertifikan\u0131n Hash De\u011feri<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-14\" href=\"https:\/\/www.ihs.com.tr\/blog\/tlsa-kaydi-nedir\/#TLSA-Kaydi-Olusturma-ve-Yayinlama-Sureci\" >TLSA Kayd\u0131 Olu\u015fturma ve Yay\u0131nlama S\u00fcreci<\/a><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-15\" href=\"https:\/\/www.ihs.com.tr\/blog\/tlsa-kaydi-nedir\/#Gerekli-On-Kosullar-DNSSECin-Aktif-Edilmesi\" >Gerekli \u00d6n Ko\u015fullar: DNSSEC&#8217;in Aktif Edilmesi<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-16\" href=\"https:\/\/www.ihs.com.tr\/blog\/tlsa-kaydi-nedir\/#Sunucu-Sertifikasindan-Hash-Degeri-Uretme-Araclari-ve-Yontemleri\" >Sunucu Sertifikas\u0131ndan Hash De\u011feri \u00dcretme Ara\u00e7lar\u0131 ve Y\u00f6ntemleri<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-17\" href=\"https:\/\/www.ihs.com.tr\/blog\/tlsa-kaydi-nedir\/#DNS-Bolge-Dosyasinda-Zone-File-TLSA-Kaydinin-Yapilandirilmasi\" >DNS B\u00f6lge Dosyas\u0131nda (Zone File) TLSA Kayd\u0131n\u0131n Yap\u0131land\u0131r\u0131lmas\u0131<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-18\" href=\"https:\/\/www.ihs.com.tr\/blog\/tlsa-kaydi-nedir\/#TLSA-Kaydinin-Dogrulanmasi-ve-Test-Edilmesi\" >TLSA Kayd\u0131n\u0131n Do\u011frulanmas\u0131 ve Test Edilmesi<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-19\" href=\"https:\/\/www.ihs.com.tr\/blog\/tlsa-kaydi-nedir\/#TLSA-Kaydi-Kullanim-Senaryolari-ve-Avantajlari\" >TLSA Kayd\u0131 Kullan\u0131m Senaryolar\u0131 ve Avantajlar\u0131<\/a><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-20\" href=\"https:\/\/www.ihs.com.tr\/blog\/tlsa-kaydi-nedir\/#CA-Bagimliligini-Azaltma-ve-Esneklik-Kazanma\" >CA Ba\u011f\u0131ml\u0131l\u0131\u011f\u0131n\u0131 Azaltma ve Esneklik Kazanma<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-21\" href=\"https:\/\/www.ihs.com.tr\/blog\/tlsa-kaydi-nedir\/#Sertifika-Otoritesi-CA-Guvenlik-Ihlallerine-Karsi-Korunma\" >Sertifika Otoritesi (CA) G\u00fcvenlik \u0130hlallerine Kar\u015f\u0131 Korunma<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-22\" href=\"https:\/\/www.ihs.com.tr\/blog\/tlsa-kaydi-nedir\/#E-posta-Sunuculari-SMTP-icin-Guvenligin-Artirilmasi-MTA-STS-Alternatifi\" >E-posta Sunucular\u0131 (SMTP) i\u00e7in G\u00fcvenli\u011fin Art\u0131r\u0131lmas\u0131 (MTA-STS Alternatifi)<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-23\" href=\"https:\/\/www.ihs.com.tr\/blog\/tlsa-kaydi-nedir\/#Ozel-veya-Kendinden-Imzali-Self-Signed-Sertifikalarin-Guvenle-Kullanimi\" >\u00d6zel veya Kendinden \u0130mzal\u0131 (Self-Signed) Sertifikalar\u0131n G\u00fcvenle Kullan\u0131m\u0131<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-24\" href=\"https:\/\/www.ihs.com.tr\/blog\/tlsa-kaydi-nedir\/#TLSA-Kayitlarinin-Yayginlasmasindaki-Engeller-ve-Gelecegi\" >TLSA Kay\u0131tlar\u0131n\u0131n Yayg\u0131nla\u015fmas\u0131ndaki Engeller ve Gelece\u011fi<\/a><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-25\" href=\"https:\/\/www.ihs.com.tr\/blog\/tlsa-kaydi-nedir\/#DNSSECin-Henuz-Evrensel-Olarak-Kullanilmamasi\" >DNSSEC&#8217;in Hen\u00fcz Evrensel Olarak Kullan\u0131lmamas\u0131<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-26\" href=\"https:\/\/www.ihs.com.tr\/blog\/tlsa-kaydi-nedir\/#Tarayici-ve-Istemci-Destegindeki-Mevcut-Durum\" >Taray\u0131c\u0131 ve \u0130stemci Deste\u011findeki Mevcut Durum<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-27\" href=\"https:\/\/www.ihs.com.tr\/blog\/tlsa-kaydi-nedir\/#Sertifika-Yenileme-Sureclerinin-Yonetimi-ve-Otomasyonu\" >Sertifika Yenileme S\u00fcre\u00e7lerinin Y\u00f6netimi ve Otomasyonu<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-28\" href=\"https:\/\/www.ihs.com.tr\/blog\/tlsa-kaydi-nedir\/#Web-PKI-Public-Key-Infrastructure-Ekosistemindeki-Yeri\" >Web PKI (Public Key Infrastructure) Ekosistemindeki Yeri<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-29\" href=\"https:\/\/www.ihs.com.tr\/blog\/tlsa-kaydi-nedir\/#Guvenli-DNS-ve-TLSA-Kaydi-Yonetimi-Icin-Neden-IHS-Telekomu-Tercih-Etmelisiniz\" >G\u00fcvenli DNS ve TLSA Kayd\u0131 Y\u00f6netimi \u0130\u00e7in Neden \u0130HS Telekom&#8217;u Tercih Etmelisiniz?<\/a><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-30\" href=\"https:\/\/www.ihs.com.tr\/blog\/tlsa-kaydi-nedir\/#Kolay-DNSSEC-Aktivasyonu-ve-Yonetimi\" >Kolay DNSSEC Aktivasyonu ve Y\u00f6netimi<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-31\" href=\"https:\/\/www.ihs.com.tr\/blog\/tlsa-kaydi-nedir\/#Uzman-Teknik-Destek-ve-Danismanlik-Hizmetleri\" >Uzman Teknik Destek ve Dan\u0131\u015fmanl\u0131k Hizmetleri<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-32\" href=\"https:\/\/www.ihs.com.tr\/blog\/tlsa-kaydi-nedir\/#Gelismis-DNS-Yonetim-Paneli-ve-API-Destegi\" >Geli\u015fmi\u015f DNS Y\u00f6netim Paneli ve API Deste\u011fi<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-33\" href=\"https:\/\/www.ihs.com.tr\/blog\/tlsa-kaydi-nedir\/#Yuksek-Performansli-ve-Guvenilir-DNS-Altyapisi\" >Y\u00fcksek Performansl\u0131 ve G\u00fcvenilir DNS Altyap\u0131s\u0131<\/a><\/li><\/ul><\/li><\/ul><\/nav><\/div>\n<h2><span class=\"ez-toc-section\" id=\"Geleneksel-TLS-Guven-Modelinin-Temelleri-ve-Sinirliliklari\"><\/span>Geleneksel TLS G\u00fcven Modelinin Temelleri ve S\u0131n\u0131rl\u0131l\u0131klar\u0131<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Web g\u00fcvenli\u011finin temelini olu\u015fturan TLS, istemci ve <a href=\"https:\/\/www.ihs.com.tr\/sunucu-kiralama\/\" target=\"_blank\">sunucu<\/a> aras\u0131ndaki ba\u011flant\u0131y\u0131 \u015fifreleyerek gizlili\u011fi ve b\u00fct\u00fcnl\u00fc\u011f\u00fc sa\u011flar. Bu g\u00fcven ili\u015fkisi, genellikle y\u00fczlerce g\u00fcvenilir Sertifika Otoritesi&#8217;nin (CA) olu\u015fturdu\u011fu hiyerar\u015fik bir yap\u0131ya dayan\u0131r. Ancak bu geleneksel model, do\u011fas\u0131 gere\u011fi baz\u0131 riskler ve s\u0131n\u0131rl\u0131l\u0131klar bar\u0131nd\u0131r\u0131r. G\u00fcvenin merkezi bir yap\u0131ya da\u011f\u0131t\u0131lm\u0131\u015f olmas\u0131, bu merkezlerden herhangi birinin istismar edilmesi durumunda t\u00fcm zinciri tehlikeye atabilir.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"TLSSSL-Sertifikalari-ve-Sertifika-Otoriteleri-CA-Nasil-Calisir\"><\/span>TLS\/SSL Sertifikalar\u0131 ve Sertifika Otoriteleri (CA) Nas\u0131l \u00c7al\u0131\u015f\u0131r?<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Bir web sitesi g\u00fcvenli bir ba\u011flant\u0131 (HTTPS) kurmak istedi\u011finde, kimli\u011fini do\u011frulamak i\u00e7in bir <a href=\"https:\/\/www.ihs.com.tr\/ssl\/\" target=\"_blank\">ssl sertifikas\u0131<\/a> kullan\u0131r. Bu sertifika, sitenin alan ad\u0131n\u0131, ortak anahtar\u0131n\u0131 ve sertifikay\u0131 veren Sertifika Otoritesi&#8217;nin dijital imzas\u0131n\u0131 i\u00e7erir. Bir kullan\u0131c\u0131 siteye ba\u011fland\u0131\u011f\u0131nda, taray\u0131c\u0131s\u0131 bu sertifikay\u0131 al\u0131r ve sertifikay\u0131 imzalayan CA&#8217;n\u0131n kendi g\u00fcvenilir CA listesinde olup olmad\u0131\u011f\u0131n\u0131 kontrol eder. E\u011fer CA g\u00fcvenilirse, taray\u0131c\u0131 sertifikan\u0131n ge\u00e7erli oldu\u011funu kabul eder ve \u015fifreli ba\u011flant\u0131 kurulur. Bu s\u00fcre\u00e7, &#8220;g\u00fcven zinciri&#8221; (chain of trust) olarak adland\u0131r\u0131l\u0131r ve en tepedeki k\u00f6k sertifikadan son kullan\u0131c\u0131 sertifikas\u0131na kadar uzan\u0131r.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Guven-Zincirindeki-Potansiyel-Zafiyetler-Hatali-veya-Sahte-Sertifikalar\"><\/span>G\u00fcven Zincirindeki Potansiyel Zafiyetler: Hatal\u0131 veya Sahte Sertifikalar<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Geleneksel modeldeki en b\u00fcy\u00fck zafiyet, y\u00fczlerce CA&#8217;dan herhangi birine g\u00fcvenmek zorunda olmam\u0131zd\u0131r. E\u011fer bir CA&#8217;n\u0131n g\u00fcvenlik sistemleri a\u015f\u0131l\u0131rsa veya bir CA k\u00f6t\u00fc niyetli davranarak sahte sertifikalar \u00fcretirse, sald\u0131rganlar kendilerini me\u015fru web siteleri gibi g\u00f6sterebilirler. Taray\u0131c\u0131lar, sahte sertifikay\u0131 imzalayan CA&#8217;ya g\u00fcvendikleri i\u00e7in bu durumu fark edemez ve kullan\u0131c\u0131lar\u0131 sahte siteye y\u00f6nlendirerek hassas verilerin \u00e7al\u0131nmas\u0131na neden olabilir. Ge\u00e7mi\u015fte ya\u015fanan b\u00fcy\u00fck CA g\u00fcvenlik ihlalleri, bu riskin ne kadar ger\u00e7ek oldu\u011funu g\u00f6stermi\u015ftir.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Man-in-the-Middle-Ortadaki-Adam-Saldirilari-ve-Geleneksel-Yontemlerin-Yetersizligi\"><\/span>Man-in-the-Middle (Ortadaki Adam) Sald\u0131r\u0131lar\u0131 ve Geleneksel Y\u00f6ntemlerin Yetersizli\u011fi<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Man-in-the-Middle (MitM) sald\u0131r\u0131s\u0131, bir sald\u0131rgan\u0131n kullan\u0131c\u0131 ile web sitesi aras\u0131ndaki ileti\u015fimin aras\u0131na girerek verileri gizlice dinlemesi veya de\u011fi\u015ftirmesidir. Geleneksel TLS, sahte bir sertifika kullan\u0131larak bu t\u00fcr sald\u0131r\u0131lara maruz kalabilir. Sald\u0131rgan, ele ge\u00e7irdi\u011fi bir CA taraf\u0131ndan imzalanm\u0131\u015f veya kullan\u0131c\u0131y\u0131 kand\u0131rarak y\u00fckletti\u011fi sahte bir sertifika ile kendini hedef site gibi tan\u0131tabilir. Kullan\u0131c\u0131n\u0131n taray\u0131c\u0131s\u0131 bu sahte sertifikay\u0131 ge\u00e7erli kabul ederse, sald\u0131rgan t\u00fcm \u015fifreli trafi\u011fi \u00e7\u00f6zebilir. Bu durum, geleneksel CA modelinin tek ba\u015f\u0131na bu t\u00fcr geli\u015fmi\u015f sald\u0131r\u0131lar\u0131 \u00f6nlemede yetersiz kalabildi\u011fini ortaya koymaktad\u0131r.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"TLSA-Kaydi-Nedir-ve-Hangi-Ihtiyaci-Karsilar\"><\/span>TLSA Kayd\u0131 Nedir ve Hangi \u0130htiyac\u0131 Kar\u015f\u0131lar?<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>TLSA kayd\u0131, geleneksel TLS g\u00fcven modelindeki zafiyetlere \u00e7\u00f6z\u00fcm olarak geli\u015ftirilmi\u015f bir DNS kay\u0131t t\u00fcr\u00fcd\u00fcr. Temel amac\u0131, bir sunucunun kullanmas\u0131 beklenen TLS sertifikas\u0131n\u0131n &#8220;parmak izini&#8221; do\u011frudan DNS \u00fczerinde yay\u0131nlayarak sertifika do\u011frulama s\u00fcrecine ek bir g\u00fcvenlik katman\u0131 eklemektir. Bu sayede, taray\u0131c\u0131lar ve di\u011fer istemciler, sadece Sertifika Otoritesi&#8217;ne (CA) g\u00fcvenmek yerine, sunucunun sundu\u011fu sertifikan\u0131n DNS&#8217;te belirtilenle e\u015fle\u015fip e\u015fle\u015fmedi\u011fini de kontrol edebilir. Bu y\u00f6ntem, DANE protokol\u00fc arac\u0131l\u0131\u011f\u0131yla \u00e7al\u0131\u015f\u0131r ve DNSSEC ile g\u00fcvence alt\u0131na al\u0131n\u0131r.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"TLSA-Kaydinin-Temel-Amaci-Sertifika-Dogrulamasini-DNSe-Tasima\"><\/span>TLSA Kayd\u0131n\u0131n Temel Amac\u0131: Sertifika Do\u011frulamas\u0131n\u0131 DNS&#8217;e Ta\u015f\u0131ma<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Geleneksel modelde sertifika do\u011frulamas\u0131 tamamen CA hiyerar\u015fisine ba\u011f\u0131ml\u0131d\u0131r. Bir taray\u0131c\u0131, bir sertifikan\u0131n ge\u00e7erli olup olmad\u0131\u011f\u0131n\u0131 anlamak i\u00e7in g\u00fcvendi\u011fi y\u00fczlerce CA&#8217;dan birinin imzas\u0131n\u0131 arar. TLSA, bu ba\u011f\u0131ml\u0131l\u0131\u011f\u0131 k\u0131rarak do\u011frulama mekanizmas\u0131n\u0131 alan ad\u0131n\u0131n kendi DNS kay\u0131tlar\u0131na ta\u015f\u0131r. Alan ad\u0131 sahibi, sunucusunda kulland\u0131\u011f\u0131 <a href=\"https:\/\/www.ihs.com.tr\/blog\/ssl-sertifikasi-nedir-ssl-sertifikasi-ne-ise-yarar\/\" target=\"_blank\">SSL<\/a> sertifikas\u0131n\u0131n \u00f6zet (hash) bilgisini bir TLSA kayd\u0131 olarak yay\u0131nlar. \u0130stemci, siteye ba\u011fland\u0131\u011f\u0131nda hem sertifikay\u0131 al\u0131r hem de DNS&#8217;ten bu TLSA kayd\u0131n\u0131 sorgular. E\u011fer sertifikan\u0131n \u00f6zeti, DNS&#8217;teki kay\u0131tla e\u015fle\u015fiyorsa sertifikan\u0131n do\u011fru oldu\u011funa dair g\u00fc\u00e7l\u00fc bir kan\u0131t elde edilmi\u015f olur.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"DANE-DNS-based-Authentication-of-Named-Entities-Protokolune-Giris\"><\/span>DANE (DNS-based Authentication of Named Entities) Protokol\u00fcne Giri\u015f<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>DANE, isminden de anla\u015f\u0131laca\u011f\u0131 gibi, &#8220;Adland\u0131r\u0131lm\u0131\u015f Varl\u0131klar\u0131n DNS Tabanl\u0131 Kimlik Do\u011frulamas\u0131&#8221; anlam\u0131na gelen bir protokold\u00fcr. TLSA kay\u0131tlar\u0131, DANE protokol\u00fcn\u00fcn temel yap\u0131 ta\u015f\u0131d\u0131r. DANE, sadece web siteleri (HTTPS) i\u00e7in de\u011fil, ayn\u0131 zamanda e-posta (SMTP), anl\u0131k mesajla\u015fma (XMPP) gibi di\u011fer internet servislerinin sertifikalar\u0131n\u0131 do\u011frulamak i\u00e7in de kullan\u0131labilir. DANE&#8217;in amac\u0131, bir servise ait sertifikan\u0131n hangisi olmas\u0131 gerekti\u011fini g\u00fcvenli bir \u015fekilde belirterek, sahte veya hatal\u0131 sertifikalara dayal\u0131 sald\u0131r\u0131lar\u0131n \u00f6n\u00fcne ge\u00e7mektir.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"DNSSECin-Rolu-TLSA-Kayitlarinin-Butunlugunu-ve-Guvenligini-Saglama\"><\/span>DNSSEC&#8217;in Rol\u00fc: TLSA Kay\u0131tlar\u0131n\u0131n B\u00fct\u00fcnl\u00fc\u011f\u00fcn\u00fc ve G\u00fcvenli\u011fini Sa\u011flama<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>TLSA kay\u0131tlar\u0131n\u0131n ve DANE protokol\u00fcn\u00fcn g\u00fcvenilirli\u011fi, tamamen DNS yan\u0131tlar\u0131n\u0131n do\u011frulu\u011funa ba\u011fl\u0131d\u0131r. E\u011fer bir sald\u0131rgan DNS sorgular\u0131n\u0131 manip\u00fcle ederek sahte bir TLSA kayd\u0131 g\u00f6nderebilirse, t\u00fcm sistem anlams\u0131z hale gelir. \u0130\u015fte bu noktada DNSSEC (DNS Security Extensions) devreye girer. DNSSEC, DNS kay\u0131tlar\u0131n\u0131 dijital olarak imzalayarak onlar\u0131n de\u011fi\u015ftirilmedi\u011fini ve kayna\u011f\u0131n\u0131n do\u011fru oldu\u011funu garanti eder. Bir TLSA kayd\u0131n\u0131n ge\u00e7erli ve g\u00fcvenilir kabul edilebilmesi i\u00e7in, o alan ad\u0131nda DNSSEC&#8217;in mutlaka aktif edilmi\u015f olmas\u0131 gerekir. DNSSEC, DANE&#8217;in \u00fczerine in\u015fa edildi\u011fi g\u00fcvenlik temelidir.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"TLSA-Kaydinin-Yapisi-ve-Bilesenleri\"><\/span>TLSA Kayd\u0131n\u0131n Yap\u0131s\u0131 ve Bile\u015fenleri<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Bir TLSA kayd\u0131, basit bir metin dizesi gibi g\u00f6r\u00fcnse de asl\u0131nda belirli bir format\u0131 takip eden d\u00f6rt temel bile\u015fenden olu\u015fur. Bu bile\u015fenler, istemciye sunucudan gelen sertifikay\u0131 nas\u0131l ve hangi kurallara g\u00f6re do\u011frulamas\u0131 gerekti\u011fini bildirir. Bir TLSA kayd\u0131n\u0131n standart format\u0131 \u015fu \u015fekildedir: <b>_port._proto.alanadi. IN TLSA (Kullan\u0131m Alan\u0131 Se\u00e7ici E\u015fle\u015ftirmeT\u00fcr\u00fc Sertifika\u0130li\u015fkilendirmeVerisi)<\/b>. Her bir alan, do\u011frulama s\u00fcrecinde kritik bir rol oynar.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Sertifika-Kullanim-Alani-Certificate-Usage-Dogrulama-Politikasini-Belirleme\"><\/span>Sertifika Kullan\u0131m Alan\u0131 (Certificate Usage): Do\u011frulama Politikas\u0131n\u0131 Belirleme<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Bu alan, 0 ile 3 aras\u0131nda bir de\u011fer al\u0131r ve istemcinin sertifikay\u0131 do\u011frularken izleyece\u011fi politikay\u0131 tan\u0131mlar. Bu alan, alan ad\u0131 sahibine ne kadar kat\u0131 bir do\u011frulama istedi\u011fini belirtme esnekli\u011fi sunar. \u00d6rne\u011fin, sadece belirli bir sertifikaya m\u0131 g\u00fcvenilecek yoksa geleneksel CA do\u011frulamas\u0131na ek bir kontrol m\u00fc yap\u0131lacak gibi kurallar\u0131 belirler.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Secici-Alani-Selector-Sertifikanin-Hangi-Bolumunun-Eslestirilecegini-Belirtme\"><\/span>Se\u00e7ici Alan\u0131 (Selector): Sertifikan\u0131n Hangi B\u00f6l\u00fcm\u00fcn\u00fcn E\u015fle\u015ftirilece\u011fini Belirtme<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Se\u00e7ici alan\u0131, 0 veya 1 de\u011ferini al\u0131r ve TLSA kayd\u0131ndaki hash de\u011ferinin, sunucudan gelen sertifikan\u0131n hangi k\u0131sm\u0131yla e\u015fle\u015ftirilece\u011fini belirtir. Bu, do\u011frulaman\u0131n t\u00fcm sertifika \u00fczerinden mi yoksa sadece sertifikan\u0131n ortak anahtar\u0131 (public key) \u00fczerinden mi yap\u0131laca\u011f\u0131n\u0131 tan\u0131mlar. Sadece ortak anahtar\u0131n kullan\u0131lmas\u0131, sertifika yenilendi\u011finde bile anahtar ayn\u0131 kald\u0131\u011f\u0131 s\u00fcrece TLSA kayd\u0131n\u0131 de\u011fi\u015ftirme zorunlulu\u011funu ortadan kald\u0131rabilir.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Eslestirme-Turu-Alani-Matching-Type-Hash-Algoritmasini-Tanimlama\"><\/span>E\u015fle\u015ftirme T\u00fcr\u00fc Alan\u0131 (Matching Type): Hash Algoritmas\u0131n\u0131 Tan\u0131mlama<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Bu alan, 0, 1 veya 2 de\u011ferlerini alarak &#8220;Sertifika \u0130li\u015fkilendirme Verisi&#8221; alan\u0131ndaki parmak izinin hangi kriptografik hash algoritmas\u0131 kullan\u0131larak olu\u015fturuldu\u011funu belirtir. Bu sayede istemci, sunucudan ald\u0131\u011f\u0131 sertifikan\u0131n ilgili b\u00f6l\u00fcm\u00fcne ayn\u0131 algoritmay\u0131 uygulayarak kendi hash de\u011ferini \u00fcretir ve TLSA kayd\u0131ndakiyle kar\u015f\u0131la\u015ft\u0131r\u0131r.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Sertifika-Iliskilendirme-Verisi-Certificate-Association-Data-Sertifikanin-Hash-Degeri\"><\/span>Sertifika \u0130li\u015fkilendirme Verisi (Certificate Association Data): Sertifikan\u0131n Hash De\u011feri<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Bu alan, TLSA kayd\u0131n\u0131n kalbidir. Se\u00e7ici alan\u0131na g\u00f6re belirlenen sertifika b\u00f6l\u00fcm\u00fcn\u00fcn (t\u00fcm sertifika veya sadece ortak anahtar), E\u015fle\u015ftirme T\u00fcr\u00fc alan\u0131nda belirtilen hash algoritmas\u0131 (\u00f6rn. SHA-256) ile hesaplanm\u0131\u015f \u00f6zet (hash) de\u011ferini i\u00e7erir. \u0130stemcinin do\u011frulama yaparken kar\u015f\u0131la\u015ft\u0131raca\u011f\u0131 as\u0131l veri budur. Bu verinin do\u011frulu\u011fu, t\u00fcm TLSA mekanizmas\u0131n\u0131n g\u00fcvenli\u011fini sa\u011flar.<\/p>\n<div class=\"karsilastirma\">\n<table>\n<thead>\n<tr>\n<th>Bile\u015fen<\/th>\n<th>De\u011fer<\/th>\n<th>A\u00e7\u0131klama<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td><strong>Sertifika Kullan\u0131m Alan\u0131<\/strong><\/td>\n<td>0<\/td>\n<td>PKIX-TA: Sertifika, bilinen bir CA taraf\u0131ndan imzalanm\u0131\u015f olmal\u0131d\u0131r ve bu CA ile e\u015fle\u015fmelidir.<\/td>\n<\/tr>\n<tr>\n<td><\/td>\n<td>1<\/td>\n<td>PKIX-EE: Sertifika, bilinen bir CA taraf\u0131ndan imzalanm\u0131\u015f olmal\u0131d\u0131r ve bu son kullan\u0131c\u0131 sertifikas\u0131 ile e\u015fle\u015fmelidir.<\/td>\n<\/tr>\n<tr>\n<td><\/td>\n<td>2<\/td>\n<td>DANE-TA: Sertifika, bu kay\u0131tta belirtilen CA taraf\u0131ndan imzalanm\u0131\u015f olmal\u0131d\u0131r (\u00f6zel CA&#8217;lar i\u00e7in).<\/td>\n<\/tr>\n<tr>\n<td><\/td>\n<td>3<\/td>\n<td>DANE-EE: Sertifika, do\u011frudan bu kay\u0131tta belirtilen sertifika olmal\u0131d\u0131r (CA&#8217;ya g\u00fcvenilmez, kendinden imzal\u0131).<\/td>\n<\/tr>\n<tr>\n<td><strong>Se\u00e7ici Alan\u0131<\/strong><\/td>\n<td>0<\/td>\n<td>Sertifikan\u0131n tamam\u0131 (Full Certificate) e\u015fle\u015ftirilir.<\/td>\n<\/tr>\n<tr>\n<td><\/td>\n<td>1<\/td>\n<td>Sadece sertifikan\u0131n SubjectPublicKeyInfo b\u00f6l\u00fcm\u00fc (Ortak Anahtar) e\u015fle\u015ftirilir.<\/td>\n<\/tr>\n<tr>\n<td><strong>E\u015fle\u015ftirme T\u00fcr\u00fc<\/strong><\/td>\n<td>0<\/td>\n<td>E\u015fle\u015ftirme i\u00e7in tam i\u00e7erik kullan\u0131l\u0131r (hash uygulanmaz).<\/td>\n<\/tr>\n<tr>\n<td><\/td>\n<td>1<\/td>\n<td>SHA-256 hash algoritmas\u0131 kullan\u0131l\u0131r.<\/td>\n<\/tr>\n<tr>\n<td><\/td>\n<td>2<\/td>\n<td>SHA-512 hash algoritmas\u0131 kullan\u0131l\u0131r.<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n<h2><span class=\"ez-toc-section\" id=\"TLSA-Kaydi-Olusturma-ve-Yayinlama-Sureci\"><\/span>TLSA Kayd\u0131 Olu\u015fturma ve Yay\u0131nlama S\u00fcreci<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>TLSA kayd\u0131 olu\u015fturmak ve yay\u0131nlamak, dikkatli ad\u0131mlar gerektiren teknik bir s\u00fcre\u00e7tir. Bu s\u00fcrecin do\u011fru bir \u015fekilde tamamlanmas\u0131, DANE protokol\u00fcn\u00fcn sundu\u011fu ek g\u00fcvenlik katman\u0131ndan tam olarak faydalanabilmek i\u00e7in kritik \u00f6neme sahiptir. S\u00fcre\u00e7, temel olarak DNSSEC&#8217;in etkinle\u015ftirilmesi, sunucu sertifikas\u0131ndan gerekli hash de\u011ferinin \u00fcretilmesi ve bu bilginin DNS b\u00f6lge dosyas\u0131na do\u011fru formatta eklenmesi ad\u0131mlar\u0131n\u0131 i\u00e7erir.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Gerekli-On-Kosullar-DNSSECin-Aktif-Edilmesi\"><\/span>Gerekli \u00d6n Ko\u015fullar: DNSSEC&#8217;in Aktif Edilmesi<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>TLSA kay\u0131tlar\u0131n\u0131n g\u00fcvenli\u011fi, dayand\u0131\u011f\u0131 DNS altyap\u0131s\u0131n\u0131n g\u00fcvenli\u011fine ba\u011fl\u0131d\u0131r. Bu nedenle, TLSA kayd\u0131 yay\u0131nlamadan \u00f6nce en temel ve zorunlu \u00f6n ko\u015ful, <a href=\"https:\/\/www.ihs.com.tr\/domain\/alan-adi-domain-tescili.html\" target=\"_blank\">alan ad\u0131<\/a> i\u00e7in DNSSEC&#8217;in (DNS Security Extensions) aktif edilmi\u015f olmas\u0131d\u0131r. DNSSEC, DNS kay\u0131tlar\u0131n\u0131n dijital olarak imzalanmas\u0131n\u0131 sa\u011flayarak, istemcilerin ald\u0131\u011f\u0131 TLSA kayd\u0131n\u0131n sahte veya de\u011fi\u015ftirilmi\u015f olmad\u0131\u011f\u0131ndan emin olmalar\u0131n\u0131 sa\u011flar. DNSSEC olmadan yay\u0131nlanan bir TLSA kayd\u0131, DNS sahtekarl\u0131\u011f\u0131 (spoofing) sald\u0131r\u0131lar\u0131na kar\u015f\u0131 savunmas\u0131z kalaca\u011f\u0131 i\u00e7in bir anlam ifade etmez.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Sunucu-Sertifikasindan-Hash-Degeri-Uretme-Araclari-ve-Yontemleri\"><\/span>Sunucu Sertifikas\u0131ndan Hash De\u011feri \u00dcretme Ara\u00e7lar\u0131 ve Y\u00f6ntemleri<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>TLSA kayd\u0131n\u0131n &#8220;Sertifika \u0130li\u015fkilendirme Verisi&#8221; b\u00f6l\u00fcm\u00fcn\u00fc olu\u015fturmak i\u00e7in sunucunuzda kulland\u0131\u011f\u0131n\u0131z TLS\/SSL sertifikas\u0131n\u0131n \u00f6zet (hash) de\u011ferini hesaplaman\u0131z gerekir. Bu i\u015flem i\u00e7in \u00e7e\u015fitli komut sat\u0131r\u0131 ara\u00e7lar\u0131 veya \u00e7evrimi\u00e7i \u00fcrete\u00e7ler kullan\u0131labilir. En yayg\u0131n kullan\u0131lan ara\u00e7lardan biri OpenSSL&#8217;dir. \u00d6rne\u011fin, `openssl` komut sat\u0131r\u0131 arac\u0131n\u0131 kullanarak belirli kullan\u0131m alan\u0131, se\u00e7ici ve e\u015fle\u015ftirme t\u00fcr\u00fc kombinasyonlar\u0131na g\u00f6re TLSA kayd\u0131n\u0131z\u0131 kolayca \u00fcretebilirsiniz. Ayr\u0131ca, bir\u00e7ok web tabanl\u0131 &#8220;TLSA Record Generator&#8221; arac\u0131 da bu s\u00fcreci basitle\u015ftirmek i\u00e7in mevcuttur.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"DNS-Bolge-Dosyasinda-Zone-File-TLSA-Kaydinin-Yapilandirilmasi\"><\/span>DNS B\u00f6lge Dosyas\u0131nda (Zone File) TLSA Kayd\u0131n\u0131n Yap\u0131land\u0131r\u0131lmas\u0131<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Hash de\u011ferini \u00fcrettikten sonra, bunu do\u011fru formatta DNS b\u00f6lge dosyan\u0131za eklemeniz gerekir. TLSA kayd\u0131n\u0131n ad\u0131, korunacak servisin port ve protokol bilgisini i\u00e7erir. \u00d6rne\u011fin, bir web sitesinin standart HTTPS portu i\u00e7in kay\u0131t ad\u0131 `_443._tcp.www.alanadiniz.com.` \u015feklinde olacakt\u0131r. Kayd\u0131n i\u00e7eri\u011fi ise daha \u00f6nce belirledi\u011finiz d\u00f6rt bile\u015fenden (Kullan\u0131m Alan\u0131, Se\u00e7ici, E\u015fle\u015ftirme T\u00fcr\u00fc ve Sertifika Hash&#8217;i) olu\u015fur. Bu kayd\u0131, DNS sunucunuzun y\u00f6netim paneli \u00fczerinden veya do\u011frudan b\u00f6lge dosyas\u0131n\u0131 d\u00fczenleyerek ekleyebilirsiniz. \u00d6zellikle <a href=\"https:\/\/www.ihs.com.tr\/sunucu-kiralama\/vds-sunucu.html\" target=\"_blank\">VDS<\/a> gibi y\u00f6netimi size ait sunucularda bu i\u015flemi kendiniz yapman\u0131z gerekir.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"TLSA-Kaydinin-Dogrulanmasi-ve-Test-Edilmesi\"><\/span>TLSA Kayd\u0131n\u0131n Do\u011frulanmas\u0131 ve Test Edilmesi<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>TLSA kayd\u0131n\u0131 yay\u0131nlad\u0131ktan sonra do\u011fru yap\u0131land\u0131r\u0131ld\u0131\u011f\u0131ndan ve istemciler taraf\u0131ndan do\u011fru bir \u015fekilde sorgulanabildi\u011finden emin olman\u0131z \u00e7ok \u00f6nemlidir. `dig` veya `nslookup` gibi komut sat\u0131r\u0131 ara\u00e7lar\u0131n\u0131 kullanarak DNS sorgusu yapabilir ve kayd\u0131n\u0131z\u0131n do\u011fru \u015fekilde d\u00f6nd\u00fc\u011f\u00fcn\u00fc kontrol edebilirsiniz. Ayr\u0131ca, internet \u00fczerinde bulunan \u00e7ok say\u0131da \u00e7evrimi\u00e7i DANE\/TLSA do\u011frulama arac\u0131, alan ad\u0131n\u0131z\u0131 girerek hem DNSSEC yap\u0131land\u0131rman\u0131z\u0131 hem de TLSA kayd\u0131n\u0131z\u0131n ge\u00e7erlili\u011fini kapsaml\u0131 bir \u015fekilde test etmenize olanak tan\u0131r. Bu testler, olas\u0131 yap\u0131land\u0131rma hatalar\u0131n\u0131 erkenden tespit etmenize yard\u0131mc\u0131 olur.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"TLSA-Kaydi-Kullanim-Senaryolari-ve-Avantajlari\"><\/span>TLSA Kayd\u0131 Kullan\u0131m Senaryolar\u0131 ve Avantajlar\u0131<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>TLSA kay\u0131tlar\u0131 ve DANE protokol\u00fc, internet servislerinin g\u00fcvenli\u011fini art\u0131rmak i\u00e7in g\u00fc\u00e7l\u00fc ve esnek bir mekanizma sunar. Geleneksel CA tabanl\u0131 g\u00fcven modeline \u00f6nemli alternatifler ve geli\u015ftirmeler getirerek, sistem y\u00f6neticilerine ve son kullan\u0131c\u0131lara \u00e7e\u015fitli avantajlar sa\u011flar. Bu avantajlar, sadece CA&#8217;lara olan ba\u011f\u0131ml\u0131l\u0131\u011f\u0131 azaltmakla kalmaz, ayn\u0131 zamanda belirli sald\u0131r\u0131 t\u00fcrlerine kar\u015f\u0131 daha sa\u011flam bir koruma kalkan\u0131 olu\u015fturur.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"CA-Bagimliligini-Azaltma-ve-Esneklik-Kazanma\"><\/span>CA Ba\u011f\u0131ml\u0131l\u0131\u011f\u0131n\u0131 Azaltma ve Esneklik Kazanma<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>TLSA&#8217;n\u0131n en \u00f6nemli avantajlar\u0131ndan biri, sertifika do\u011frulama s\u00fcrecinde y\u00fczlerce ticari Sertifika Otoritesi&#8217;ne (CA) olan mutlak ba\u011f\u0131ml\u0131l\u0131\u011f\u0131 k\u0131rmas\u0131d\u0131r. TLSA&#8217;n\u0131n &#8220;DANE-EE&#8221; (Usage 3) modu kullan\u0131ld\u0131\u011f\u0131nda, bir istemciye sunulan sertifikan\u0131n ge\u00e7erli kabul edilmesi i\u00e7in herhangi bir CA taraf\u0131ndan imzalanm\u0131\u015f olmas\u0131 gerekmez. Do\u011frulama tamamen, DNSSEC ile g\u00fcvence alt\u0131na al\u0131nm\u0131\u015f TLSA kayd\u0131ndaki parmak iziyle e\u015fle\u015fmesine dayan\u0131r. Bu, y\u00f6neticilere daha fazla kontrol ve esneklik sunarak, CA sisteminin d\u0131\u015f\u0131na \u00e7\u0131kma veya kendi g\u00fcven altyap\u0131lar\u0131n\u0131 kurma imkan\u0131 tan\u0131r.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Sertifika-Otoritesi-CA-Guvenlik-Ihlallerine-Karsi-Korunma\"><\/span>Sertifika Otoritesi (CA) G\u00fcvenlik \u0130hlallerine Kar\u015f\u0131 Korunma<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Ge\u00e7mi\u015fte ya\u015fanan olaylar, bir Sertifika Otoritesi&#8217;nin g\u00fcvenlik sistemlerinin ihlal edilebildi\u011fini ve bu durumun sahte sertifikalar \u00fcretilmesine yol a\u00e7abildi\u011fini g\u00f6stermi\u015ftir. B\u00f6yle bir durumda, sald\u0131rganlar kendilerini pop\u00fcler web siteleri gibi tan\u0131tarak kullan\u0131c\u0131 verilerini \u00e7alabilirler. TLSA kayd\u0131 kullanan bir sistemde, taray\u0131c\u0131 sunucudan gelen sertifikan\u0131n sadece CA imzas\u0131n\u0131 de\u011fil, ayn\u0131 zamanda DNS&#8217;te yay\u0131nlanan parmak izini de kontrol eder. Sahte sertifikan\u0131n parmak izi TLSA kayd\u0131yla e\u015fle\u015fmeyece\u011finden, taray\u0131c\u0131 ba\u011flant\u0131y\u0131 reddeder ve kullan\u0131c\u0131y\u0131 korur. Bu, CA kaynakl\u0131 g\u00fcvenlik a\u00e7\u0131klar\u0131na kar\u015f\u0131 etkili bir savunma hatt\u0131 olu\u015fturur.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"E-posta-Sunuculari-SMTP-icin-Guvenligin-Artirilmasi-MTA-STS-Alternatifi\"><\/span>E-posta Sunucular\u0131 (SMTP) i\u00e7in G\u00fcvenli\u011fin Art\u0131r\u0131lmas\u0131 (MTA-STS Alternatifi)<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>DANE, sadece web sunucular\u0131 i\u00e7in de\u011fil, e-posta sunucular\u0131 (MTA&#8217;lar) aras\u0131ndaki ileti\u015fimi g\u00fcvenli hale getirmek i\u00e7in de yayg\u0131n olarak kullan\u0131l\u0131r. DANE (TLSA) for SMTP, bir e-posta sunucusunun di\u011ferine e-posta g\u00f6nderirken STARTTLS \u015fifrelemesini zorunlu k\u0131lmas\u0131n\u0131 ve do\u011fru sertifikay\u0131 kulland\u0131\u011f\u0131n\u0131 do\u011frulamas\u0131n\u0131 sa\u011flar. Bu, e-posta trafi\u011finin ortadaki adam sald\u0131r\u0131lar\u0131na kar\u015f\u0131 korunmas\u0131na yard\u0131mc\u0131 olur. MTA-STS gibi daha yeni protokoller benzer bir ama\u00e7 ta\u015f\u0131sa da DANE, mevcut DNS ve DNSSEC altyap\u0131s\u0131n\u0131 kulland\u0131\u011f\u0131 i\u00e7in baz\u0131 durumlarda daha entegre bir \u00e7\u00f6z\u00fcm sunabilir.<\/p>\n<div class=\"karsilastirma\">\n<table>\n<thead>\n<tr>\n<th>\u00d6zellik<\/th>\n<th>DANE (TLSA) for SMTP<\/th>\n<th>MTA-STS<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td><strong>Dayand\u0131\u011f\u0131 Teknoloji<\/strong><\/td>\n<td>DNSSEC ve TLSA DNS Kay\u0131tlar\u0131<\/td>\n<td>HTTPS ve TXT DNS Kay\u0131tlar\u0131<\/td>\n<\/tr>\n<tr>\n<td><strong>G\u00fcvenlik Temeli<\/strong><\/td>\n<td>DNSSEC&#8217;in kriptografik b\u00fct\u00fcnl\u00fc\u011f\u00fc<\/td>\n<td>Web PKI (Geleneksel CA G\u00fcveni)<\/td>\n<\/tr>\n<tr>\n<td><strong>Sertifika Do\u011frulama<\/strong><\/td>\n<td>Sertifikay\u0131 veya anahtar\u0131 do\u011frudan DNS&#8217;te belirtir<\/td>\n<td>Politika dosyas\u0131nda belirtilen CA&#8217;lara g\u00fcvenir<\/td>\n<\/tr>\n<tr>\n<td><strong>Esneklik<\/strong><\/td>\n<td>Kendinden imzal\u0131 sertifikalara izin verir<\/td>\n<td>G\u00fcvenilir bir CA taraf\u0131ndan imzalanm\u0131\u015f sertifika gerektirir<\/td>\n<\/tr>\n<tr>\n<td><strong>Yayg\u0131nl\u0131k<\/strong><\/td>\n<td>Daha \u00e7ok teknik topluluklarda ve belirli b\u00f6lgelerde yayg\u0131n<\/td>\n<td>B\u00fcy\u00fck e-posta sa\u011flay\u0131c\u0131lar\u0131 taraf\u0131ndan daha geni\u015f destek g\u00f6r\u00fcyor<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n<h3><span class=\"ez-toc-section\" id=\"Ozel-veya-Kendinden-Imzali-Self-Signed-Sertifikalarin-Guvenle-Kullanimi\"><\/span>\u00d6zel veya Kendinden \u0130mzal\u0131 (Self-Signed) Sertifikalar\u0131n G\u00fcvenle Kullan\u0131m\u0131<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Ticari CA&#8217;lardan sertifika almak maliyetli veya y\u00f6netimsel olarak karma\u015f\u0131k olabilir. \u00d6zellikle i\u00e7 a\u011flarda veya test ortamlar\u0131nda kendinden imzal\u0131 sertifikalar s\u0131k\u00e7a kullan\u0131l\u0131r. Normalde taray\u0131c\u0131lar bu sertifikalara g\u00fcvensiz uyar\u0131s\u0131 verir. Ancak TLSA (Usage 3) ile bu sertifikalar\u0131n parmak izi DNS&#8217;te yay\u0131nland\u0131\u011f\u0131nda, DANE destekli istemciler bu sertifikalara g\u00fcvenle ba\u011flanabilir. \u00c7\u00fcnk\u00fc sertifikan\u0131n do\u011frulu\u011fu art\u0131k bir CA taraf\u0131ndan de\u011fil, DNSSEC ile korunan DNS kayd\u0131 taraf\u0131ndan garanti edilmektedir. Bu, \u00f6zellikle <a href=\"https:\/\/www.ihs.com.tr\/web-hosting\/\" target=\"_blank\">hosting<\/a> sa\u011flay\u0131c\u0131lar\u0131 veya kendi altyap\u0131s\u0131n\u0131 y\u00f6neten kurumlar i\u00e7in b\u00fcy\u00fck bir avantajd\u0131r.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"TLSA-Kayitlarinin-Yayginlasmasindaki-Engeller-ve-Gelecegi\"><\/span>TLSA Kay\u0131tlar\u0131n\u0131n Yayg\u0131nla\u015fmas\u0131ndaki Engeller ve Gelece\u011fi<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>TLSA kay\u0131tlar\u0131 ve DANE protokol\u00fc, ka\u011f\u0131t \u00fczerinde sundu\u011fu g\u00fc\u00e7l\u00fc g\u00fcvenlik avantajlar\u0131na ra\u011fmen hen\u00fcz internet genelinde evrensel bir standart haline gelememi\u015ftir. Yayg\u0131nla\u015fmas\u0131n\u0131n \u00f6n\u00fcnde hem teknik hem de ekosistemle ilgili baz\u0131 \u00f6nemli engeller bulunmaktad\u0131r. Bu zorluklar\u0131n a\u015f\u0131lmas\u0131, TLSA&#8217;n\u0131n gelecekteki yerini ve ne kadar etkili olaca\u011f\u0131n\u0131 belirleyecektir. Alan ad\u0131n\u0131z i\u00e7in <a href=\"https:\/\/www.ihs.com.tr\/domain\/alan-adi-domain-transferi.html\" target=\"_blank\">domain transfer<\/a> i\u015flemi yaparken DNSSEC ve TLSA ayarlar\u0131n\u0131 da ta\u015f\u0131d\u0131\u011f\u0131n\u0131zdan emin olman\u0131z gerekir.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"DNSSECin-Henuz-Evrensel-Olarak-Kullanilmamasi\"><\/span>DNSSEC&#8217;in Hen\u00fcz Evrensel Olarak Kullan\u0131lmamas\u0131<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>TLSA&#8217;n\u0131n temel dayana\u011f\u0131 olan DNSSEC, protokol\u00fcn en b\u00fcy\u00fck zorluklar\u0131ndan biridir. DNSSEC&#8217;in yayg\u0131nla\u015fma oran\u0131 y\u0131llar i\u00e7inde artsa da hala internetteki t\u00fcm alan adlar\u0131n\u0131n b\u00fcy\u00fck bir \u00e7o\u011funlu\u011fu taraf\u0131ndan kullan\u0131lmamaktad\u0131r. Bir\u00e7ok alan ad\u0131 kay\u0131t operat\u00f6r\u00fc ve hosting firmas\u0131 i\u00e7in DNSSEC&#8217;i kurmak ve y\u00f6netmek ek bir operasyonel y\u00fck getirmektedir. DNSSEC olmadan TLSA kay\u0131tlar\u0131n\u0131n bir g\u00fcvenlik garantisi sunamamas\u0131, DANE&#8217;in benimsenmesinin \u00f6n\u00fcndeki en b\u00fcy\u00fck engeldir.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Tarayici-ve-Istemci-Destegindeki-Mevcut-Durum\"><\/span>Taray\u0131c\u0131 ve \u0130stemci Deste\u011findeki Mevcut Durum<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>TLSA&#8217;n\u0131n etkili olabilmesi i\u00e7in sadece sunucu taraf\u0131nda de\u011fil, istemci taraf\u0131nda da (web taray\u0131c\u0131lar\u0131, e-posta istemcileri vb.) desteklenmesi gerekir. Ge\u00e7mi\u015fte baz\u0131 taray\u0131c\u0131 eklentileri arac\u0131l\u0131\u011f\u0131yla DANE deste\u011fi sa\u011flanm\u0131\u015f olsa da, g\u00fcn\u00fcm\u00fczde b\u00fcy\u00fck web taray\u0131c\u0131lar\u0131 (Chrome, Firefox, Safari) varsay\u0131lan olarak DANE do\u011frulamas\u0131 yapmamaktad\u0131r. Taray\u0131c\u0131 \u00fcreticileri, CA ekosistemini zay\u0131flatabilece\u011fi ve DNSSEC&#8217;in getirece\u011fi olas\u0131 performans sorunlar\u0131 gibi nedenlerle bu teknolojiyi entegre etme konusunda temkinli davranmaktad\u0131r. Ancak e-posta istemcileri ve di\u011fer \u00f6zel uygulamalar aras\u0131nda DANE deste\u011fi daha yayg\u0131nd\u0131r.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Sertifika-Yenileme-Sureclerinin-Yonetimi-ve-Otomasyonu\"><\/span>Sertifika Yenileme S\u00fcre\u00e7lerinin Y\u00f6netimi ve Otomasyonu<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>TLSA kay\u0131tlar\u0131, belirli bir sertifikaya veya ortak anahtara s\u0131k\u0131 s\u0131k\u0131ya ba\u011fl\u0131d\u0131r. Let&#8217;s Encrypt gibi otomasyon ara\u00e7lar\u0131 sayesinde sertifikalar\u0131n 90 g\u00fcnde bir yenilenmesi standart hale gelmi\u015ftir. Her sertifika yenilemesinde, TLSA kayd\u0131n\u0131n da g\u00fcncellenmesi gerekir. E\u011fer bu s\u00fcre\u00e7 otomatize edilmezse, eski TLSA kayd\u0131 yeni sertifikayla e\u015fle\u015fmeyece\u011fi i\u00e7in siteye eri\u015fim sorunlar\u0131 ya\u015fanabilir. Bu durum, \u00f6zellikle y\u00fczlerce web sitesi y\u00f6neten sistem y\u00f6neticileri i\u00e7in ciddi bir y\u00f6netim y\u00fck\u00fc olu\u015fturmaktad\u0131r. TLSA kay\u0131tlar\u0131n\u0131n y\u00f6netimini otomatize edecek standart ara\u00e7lar\u0131n eksikli\u011fi, yayg\u0131nla\u015fmay\u0131 yava\u015flatan bir di\u011fer fakt\u00f6rd\u00fcr. \u00d6zellikle <a href=\"https:\/\/www.ihs.com.tr\/web-hosting\/wordpress-hosting.html\" target=\"_blank\">wordpress hosting<\/a> gibi platformlarda bu otomasyonun kullan\u0131c\u0131 dostu olmas\u0131 \u00f6nemlidir.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Web-PKI-Public-Key-Infrastructure-Ekosistemindeki-Yeri\"><\/span>Web PKI (Public Key Infrastructure) Ekosistemindeki Yeri<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Mevcut Web PKI, yani Sertifika Otoriteleri&#8217;ne dayal\u0131 genel anahtar altyap\u0131s\u0131, y\u0131llard\u0131r internetin temel g\u00fcven mekanizmas\u0131 olmu\u015ftur ve etraf\u0131nda b\u00fcy\u00fck bir ticari ekosistem olu\u015fmu\u015ftur. TLSA ve DANE, bu yerle\u015fik modele bir alternatif sundu\u011fu i\u00e7in baz\u0131lar\u0131 taraf\u0131ndan y\u0131k\u0131c\u0131 bir teknoloji olarak g\u00f6r\u00fclebilir. Certificate Transparency (CT) loglar\u0131 gibi CA ekosistemini g\u00fc\u00e7lendirmeye y\u00f6nelik ba\u015fka teknolojilerin geli\u015ftirilmesi, taray\u0131c\u0131lar\u0131n DANE yerine bu t\u00fcr \u00e7\u00f6z\u00fcmlere \u00f6ncelik vermesine neden olmu\u015ftur. TLSA&#8217;n\u0131n gelece\u011fi, mevcut PKI ile nas\u0131l bir arada var olaca\u011f\u0131 veya onu ne \u00f6l\u00e7\u00fcde tamamlayaca\u011f\u0131 sorusuna ba\u011fl\u0131d\u0131r.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Guvenli-DNS-ve-TLSA-Kaydi-Yonetimi-Icin-Neden-IHS-Telekomu-Tercih-Etmelisiniz\"><\/span>G\u00fcvenli DNS ve TLSA Kayd\u0131 Y\u00f6netimi \u0130\u00e7in Neden \u0130HS Telekom&#8217;u Tercih Etmelisiniz?<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>TLSA kay\u0131tlar\u0131n\u0131n ve temelini olu\u015fturan DNSSEC&#8217;in karma\u015f\u0131kl\u0131\u011f\u0131, do\u011fru altyap\u0131 ve uzman deste\u011fi olmadan y\u00f6netilmesini zorla\u015ft\u0131rabilir. IHS Telekom, sundu\u011fu geli\u015fmi\u015f DNS hizmetleri ve g\u00fcvenilir altyap\u0131s\u0131yla bu s\u00fcreci sizin i\u00e7in basitle\u015ftirerek internet varl\u0131klar\u0131n\u0131z\u0131n g\u00fcvenli\u011fini en \u00fcst d\u00fczeye \u00e7\u0131karman\u0131za yard\u0131mc\u0131 olur. IHS Telekom ile \u00e7al\u0131\u015fmak, size sadece bir servis sa\u011flay\u0131c\u0131dan daha fazlas\u0131n\u0131, g\u00fcvenilir bir teknoloji orta\u011f\u0131n\u0131 kazand\u0131r\u0131r.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Kolay-DNSSEC-Aktivasyonu-ve-Yonetimi\"><\/span>Kolay DNSSEC Aktivasyonu ve Y\u00f6netimi<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>TLSA&#8217;n\u0131n \u00f6n ko\u015fulu olan DNSSEC, karma\u015f\u0131k bir kurulum s\u00fcrecine sahip olabilir. IHS Telekom, geli\u015fmi\u015f DNS y\u00f6netim paneli \u00fczerinden DNSSEC&#8217;i tek bir t\u0131kla aktif etmenize olanak tan\u0131r. Karma\u015f\u0131k anahtar y\u00f6netimi ve imzalama s\u00fcre\u00e7leriyle u\u011fra\u015fmak zorunda kalmadan, alan adlar\u0131n\u0131z\u0131 kolayca g\u00fcvence alt\u0131na alabilir ve TLSA kay\u0131tlar\u0131n\u0131z\u0131 yay\u0131nlamaya haz\u0131r hale getirebilirsiniz. Bu, hem zamandan tasarruf etmenizi sa\u011flar hem de olas\u0131 yap\u0131land\u0131rma hatalar\u0131n\u0131 en aza indirir.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Uzman-Teknik-Destek-ve-Danismanlik-Hizmetleri\"><\/span>Uzman Teknik Destek ve Dan\u0131\u015fmanl\u0131k Hizmetleri<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>DNSSEC ve TLSA gibi ileri d\u00fczey konular, uzmanl\u0131k gerektiren sorular\u0131 beraberinde getirebilir. IHS Telekom&#8217;un deneyimli teknik destek ekibi, kurulum, yap\u0131land\u0131rma ve sorun giderme s\u00fcre\u00e7lerinin her a\u015famas\u0131nda size yard\u0131mc\u0131 olmaya haz\u0131rd\u0131r. \u0130ster ilk defa TLSA kayd\u0131 olu\u015fturuyor olun, ister mevcut yap\u0131land\u0131rman\u0131z\u0131 optimize etmek isteyin, uzman ekibimizden ihtiyac\u0131n\u0131z olan dan\u0131\u015fmanl\u0131\u011f\u0131 alabilirsiniz. \u00d6zellikle <a href=\"https:\/\/www.ihs.com.tr\/sunucu-kiralama\/vps-server.html\" target=\"_blank\">VPS<\/a> sunucunuzda bu ayarlar\u0131 yaparken destek almak kritik olabilir.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Gelismis-DNS-Yonetim-Paneli-ve-API-Destegi\"><\/span>Geli\u015fmi\u015f DNS Y\u00f6netim Paneli ve API Deste\u011fi<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>IHS Telekom, kullan\u0131c\u0131 dostu bir DNS y\u00f6netim paneli sunarak t\u00fcm DNS kay\u0131tlar\u0131n\u0131z\u0131 (A, CNAME, MX, TXT ve TLSA dahil) kolayca y\u00f6netmenize imkan tan\u0131r. Ayr\u0131ca, otomasyon ihtiyac\u0131 duyan kurumsal m\u00fc\u015fteriler ve geli\u015ftiriciler i\u00e7in sa\u011flanan kapsaml\u0131 API deste\u011fi, DNS ve TLSA kay\u0131t y\u00f6netimini kendi sistemlerinize entegre etmenizi sa\u011flar. Bu, \u00f6zellikle sertifika yenileme s\u00fcre\u00e7leriyle senkronize TLSA kayd\u0131 g\u00fcncellemeleri i\u00e7in b\u00fcy\u00fck bir avantajd\u0131r.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Yuksek-Performansli-ve-Guvenilir-DNS-Altyapisi\"><\/span>Y\u00fcksek Performansl\u0131 ve G\u00fcvenilir DNS Altyap\u0131s\u0131<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>DNS, bir web sitesinin veya online servisin eri\u015filebilirli\u011finin temelidir. Yava\u015f veya kesintiye u\u011frayan bir DNS hizmeti, sitenize eri\u015fimi imkans\u0131z hale getirebilir. IHS Telekom, co\u011frafi olarak yedekli, y\u00fcksek performansl\u0131 ve DDoS korumal\u0131 bir DNS altyap\u0131s\u0131 sunar. Bu sayede, DNSSEC ve TLSA kay\u0131tlar\u0131n\u0131z\u0131n her zaman h\u0131zl\u0131 ve g\u00fcvenilir bir \u015fekilde sorgulanmas\u0131n\u0131 sa\u011flayarak, DANE protokol\u00fcn\u00fcn getirdi\u011fi g\u00fcvenlik avantajlar\u0131ndan kesintisiz olarak yararlanman\u0131z\u0131 garanti eder.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>\u0130nternet \u00fczerindeki ileti\u015fimin g\u00fcvenli\u011fi, dijital d\u00fcnyan\u0131n temel ta\u015flar\u0131ndan biridir. Kullan\u0131c\u0131lar ve sunucular aras\u0131ndaki veri ak\u0131\u015f\u0131n\u0131 \u015fifreleyerek koruyan TLS (Transport Layer Security) protokol\u00fc,&hellip;<\/p>\n","protected":false},"author":3,"featured_media":15551,"comment_status":"open","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[400],"tags":[],"class_list":["post-15550","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-ssl-sertifikasi"],"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/www.ihs.com.tr\/blog\/wp-json\/wp\/v2\/posts\/15550","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.ihs.com.tr\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.ihs.com.tr\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.ihs.com.tr\/blog\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/www.ihs.com.tr\/blog\/wp-json\/wp\/v2\/comments?post=15550"}],"version-history":[{"count":1,"href":"https:\/\/www.ihs.com.tr\/blog\/wp-json\/wp\/v2\/posts\/15550\/revisions"}],"predecessor-version":[{"id":15552,"href":"https:\/\/www.ihs.com.tr\/blog\/wp-json\/wp\/v2\/posts\/15550\/revisions\/15552"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.ihs.com.tr\/blog\/wp-json\/wp\/v2\/media\/15551"}],"wp:attachment":[{"href":"https:\/\/www.ihs.com.tr\/blog\/wp-json\/wp\/v2\/media?parent=15550"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.ihs.com.tr\/blog\/wp-json\/wp\/v2\/categories?post=15550"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.ihs.com.tr\/blog\/wp-json\/wp\/v2\/tags?post=15550"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}