Is the following assumption reasonable? if there are multiple TLSA dane-ee (type 3) records for a particular service, none of which match the current generated record, they can (maybe should) be deleted. The same "rule" can be could be applied to dane type 2 records.