On Mon, Jan 24, 2022 at 10:29:26PM +0100, Maurizio Caloro wrote:

> > If your provider supports neither "TLSA" records, nor the generic
> > (unknown type) encoding, switch to a more competent DNS provider.
>
> please, how did you solve this, also with an external provider, or running
> this task on your own bind server?

Not surprisingly, I operate my own DNS. But there are providers who do allow you to publish any and all DNS records, not just specific ones they've chosen to "support". I don't have a list of these at my fingertips.

When evaluating a potential DNS provider make sure they don't restrict your ability to publish records of your choice. If you want DNSSEC, avoid NameCheap, they've ignored a bug report about incorrect denial of existence for over two years now.

Make sure your provider supports publication of resource records in RFC3597 form.

--
    Viktor.
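
An added illustration, not part of the original message: what a TLSA record looks like in the RFC 3597 generic (unknown type) form the reply refers to, which is what you would paste into a provider UI that has no native TLSA support. The owner name and the digest input are constructed sample values, and the function names are hypothetical.

```python
import hashlib

TLSA_TYPE = 52               # IANA RR type number for TLSA (RFC 6698)
DIGEST_LEN = {1: 32, 2: 64}  # matching type -> digest size (SHA-256, SHA-512)


def tlsa_to_generic(owner, usage, selector, mtype, data_hex, ttl=3600):
    """Render a TLSA record in RFC 3597 form: TYPE52 \\# <rdlength> <hex>."""
    for name, value in (("usage", usage), ("selector", selector), ("mtype", mtype)):
        if not 0 <= value <= 255:
            raise ValueError(f"{name} must fit in one octet")
    data = bytes.fromhex("".join(data_hex.split()))
    # A digest of the wrong size is a common copy/paste error that would
    # publish a record no certificate can ever match.
    if mtype in DIGEST_LEN and len(data) != DIGEST_LEN[mtype]:
        raise ValueError(f"matching type {mtype} needs {DIGEST_LEN[mtype]} bytes")
    # TLSA RDATA on the wire: usage | selector | matching type | association data
    rdata = bytes([usage, selector, mtype]) + data
    return f"{owner} {ttl} IN TYPE{TLSA_TYPE} \\# {len(rdata)} {rdata.hex()}"


def generic_to_tlsa(rdata_text):
    """Parse '\\# <rdlength> <hex>' back into (usage, selector, mtype, hex)."""
    parts = rdata_text.split()
    if len(parts) < 3 or parts[0] != "\\#":
        raise ValueError("not RFC 3597 generic RDATA")
    rdata = bytes.fromhex("".join(parts[2:]))
    if len(rdata) != int(parts[1]):
        raise ValueError("declared RDATA length does not match hex data")
    if len(rdata) < 4:
        raise ValueError("too short for a TLSA record")
    return rdata[0], rdata[1], rdata[2], rdata[3:].hex()


if __name__ == "__main__":
    # Constructed sample: a "3 1 1" record whose digest is SHA-256 over
    # placeholder bytes, not over a real public key.
    digest = hashlib.sha256(b"constructed SPKI placeholder").hexdigest()
    line = tlsa_to_generic("_25._tcp.mail.example.com.", 3, 1, 1, digest)
    print(line)
    print(generic_to_tlsa(line.split(f"TYPE{TLSA_TYPE} ", 1)[1]))
```

After publishing, query the name for type TLSA from an outside resolver: a provider that handles RFC 3597 correctly serves the record under its real type.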