Describe the bug

Will cause ugly failures on named startup.

see master.rs, crates/client/src/serialize/txt/rdata_parsers/null.rs, crates/server/src/store/forwarder/authority.rs

The unbound.conf(5) page doesn't say how unbound handles a list of upstream servers it gets via stub-addr (or forward-addr).

• Does it always use the first one first, and fall back to the 2nd(, 3rd etc.) if some condition is met? (If so, what condition? Timeout? SERVFAIL? DNSSEC verification failure?)
• Does it use them in round-robin fashion?
• Does it choose one to query randomly?

To make it possible to package Zonemaster we have to have better control of what dependencies are used increase the use of binary packages. One tool to use is the --scandeps option to cpanm to check if there are any remaining unresolved dependencies to the distribution package to be installed. E.g.

cpanm --scandeps Zonemaster-Backend-5.0.0.tar.gz
cpanm --scandeps Zonemaster-CLI-v2.0.2

Ideally, the box should only have access to a few internet sites, all the rest being blocked and logged.
For instance, access to Debian repositories, ClamAV updates, rspamd repositories, etc.

• A whitelist / blacklist proxy, like tinyproxy might be enough.
• Adding appropriate firewall rules to automatically redirect the traffic to the proxy might be interestin

Hi,
i've looked little bit in your code and found out that the Public DNS Server from google are hardcoded into the library. I guess you know from the data collection from google and in my opinion the Google server are the worst choice from all possible dns servers (together with cloudfare).

So i have one question and one request:

1. Under which circumstances will the hardcoded dns server be

Enable OCSP Staple in NGINX

This notice is shown for the the most recent Travis getdns-node cron build (or at least the specific build jobs).

This job ran on our Precise, sudo: required environment which will be updated on May 3rd. You can check [more details about this in our blog](https://blo

On the front page we say: "test your website" and just below we ask "Your domain name". We should consider to use the same term.

It really needs some kind of framework but I should just start with the easy stuff and build it as we go.

1. Search for "is is" and "not not", a couple of typos.
2. For the section titled "Why use DANE for SMTP?", it seems to be backward. The section first notes the dangers, and it should perhaps instead list the advantages first. Might need to rework that section.
3. There are two illustrations titled "Mail delivery: TLS with MITM using evil certificate", not sure if that was intentional, seems l