domain-insecure should appear in a server clause.