diff --git a/lib/Froxlor/Api/Commands/DomainZones.php b/lib/Froxlor/Api/Commands/DomainZones.php
index 3975fd4a..eebe6b8d 100644
--- a/lib/Froxlor/Api/Commands/DomainZones.php
+++ b/lib/Froxlor/Api/Commands/DomainZones.php
@@ -302,6 +302,8 @@ class DomainZones extends ApiCommand implements ResourceEntity
 			}
 		} elseif ($type == 'SSHFP' && !empty($content)) {
 			$content = $content;
+		} elseif ($type == 'TLSA' && !empty($content)) {
+			$content = $content;
 		} elseif ($type == 'TXT' && !empty($content)) {
 			// check that TXT content is enclosed in " "
 			$content = Dns::encloseTXTContent($content);
diff --git a/lib/formfields/formfield.dns_add.php b/lib/formfields/formfield.dns_add.php
index b7c07da0..8e31f1b1 100644
--- a/lib/formfields/formfield.dns_add.php
+++ b/lib/formfields/formfield.dns_add.php
@@ -51,6 +51,7 @@ return [
 							'RP' => 'RP',
 							'SRV' => 'SRV',
 							'SSHFP' => 'SSHFP',
+							'TLSA' => 'TLSA',
 							'TXT' => 'TXT'
 						],
 						'selected' => $type
diff --git a/lng/en.lng.php b/lng/en.lng.php
index 2f3b0471..4403ace9 100644
--- a/lng/en.lng.php
+++ b/lng/en.lng.php
@@ -709,6 +709,7 @@ return [
 			'RP' => 'Responsible Person record<br>Structure: <code>mailbox[replace @ with a dot] txt-record-name</code><br>Example: <code>team.froxlor.org. froxlor.org.</code>',
 			'SRV' => 'Service location record, used for newer protocols instead of creating protocol-specific records such as MX.<br>Structure: <code>priority weight port target</code><br>Example: <code>0 5 5060 sipserver.example.com.</code><br>Note: For priority, use field above',
 			'SSHFP' => 'The SSHFP resource record is used to publish secure shell (SSH) key fingerprints in the DNS.<br>Structure: <code>algorithm type fingerprint</code><br>Algorithms: <code>0: reserved, 1: RSA, 2: DSA, 3: ECDSA, 4: Ed25519, 6: Ed448</code><br>Types: <code>0: reserved, 1: SHA-1, 2: SHA-256</code><br>Example: <code>2 1 123456789abcdef67890123456789abcdef67890</code>',
+			'TLSA' => 'TLSA (TLS Authentication) record is used to publish fingerprint of a TLS/SSL certificate. It is commonly used for DANE.<br>TLSA records can only be trusted if DNSSEC is enabled on your domain.<br>Structure: <code>usage selector type fingerprint</code><br>Certificate usage: <code>0: PKIX-T, 1: PKIX-EE, 2: DANE-TA, 3: DANE-EE</code><br>Selector: <code>0: Use full certificate, 1: Use subject public key</code><br>Matching type: <code>0: Full: No Hash, 1: SHA-256 Hash, 2:SHA-512 Hash</code><br>Example: <code>3 1 1 123456789abcdef67890123456789abcdef123456789abcdef123456789abcde</code>',
 			'TXT' => 'Free definable, descriptive text.'
 		]
 	],