A broken DNSSEC rollover took down .AL. Now 1.1.1.1 tells you when validation is bypassed

Read full story on Cloudflare Blog
Share
A broken DNSSEC rollover took down .AL. Now 1.1.1.1 tells you when validation is bypassed
AI disclosure

Summary

When a failed DNSSEC key rollover took down the .AL TLD, we deployed a Negative Trust Anchor to restore resolution. This time, though, clients didn't have to take our word for it: 1.1.1.1 returned EDE 33, a new DNS error code that signals directly in the response that DNSSEC validation was bypassed.

Original reporting

Open original source

Related coverage

Read full article on Cloudflare Blog

Get the AFBytes Brief

Major stories, AI-assisted analysis, and what to watch next. Free, monthly, unsubscribe anytime.