In article <CAH1iCiq3VjuFYaXho6+3Miu=5bafze+vk8qwgx+w_hw5aid...@mail.gmail.com> you write: >> Again, that would be russian roulette. If I get an NS RRset with 3 >> nameservers, and only one of these has a TLSA record, what should I >> do ?
Dunno about you, but I'd make a note not to hire that provider to run my DNS. People can set up any sort of DNS badly, and experience has repeatedly shown that attempts to idiot-proof systems merely brings out more ingenious idiots. The more useful question is how hard it is for a sensible person to set something up sensibly, and in this case the answer is not very hard. R's, John _______________________________________________ dns-privacy mailing list dns-privacy@ietf.org https://www.ietf.org/mailman/listinfo/dns-privacy