# ----------------- # DNS problems: TLSA record lookup failure, dropped queries, incorrect denial # of existence proofs, looping CNAMEs, ... # ----------------- # STARTTLS problems: TLSA records that don't match the server certificate # chain, or no STARTTLS support at all