> On 18 Apr 2019, at 10:46, Stephane Bortzmeyer <bortzmeyer at nic.fr> wrote: > > Of course, it would be better to move away from DSA, but it shouldn't > make a SERVFAIL, just a lack of validation ? If DSA signatures can't be validated, SERVFAIL is the correct response.