(I don't react to the SERVFAIL from CloudFlare auth.) On 4/19/20 8:55 AM, Viktor Dukhovni wrote: > the NSEC RR promises TLSA records, among a rather oddball mix of > other rrtypes
I believe that's normal for CloudFlare authoritatives, and so far I've noticed no real problems from that, apart from effects like less efficient caching. Description: https://blog.cloudflare.com/black-lies/#dnsshotgun At least they lie in the better direction - some servers actually deny types they do want served: https://github.com/dns-violations/dns-violations/blob/master/2018/DVE-2018-0003.md _______________________________________________ dns-operations mailing list [email protected] https://lists.dns-oarc.net/mailman/listinfo/dns-operations
