John wrote: > Just curious, you put the actual TLSA record first and then the CNAMEs. > Any particular reason for the order? the order of records in a zonefile has no impact on, it is purely for us humans and a matter of taste. A DNS server will read the zonefile and will create a binary in-memory data-structure. Carsten