On Tue, Sep 11, 2018 at 12:10:25PM +0200, Volker Janzen <voja at voja.de> wrote a message of 17 lines which said: > or CAA records. Same problem than DNSSEC : *all* CA must implement it.