How is my DNSSEC enabled domain still serving a tiny number of NXDOMAIN response codes?
TL;DR The lack of NXDOMAIN responses for Cloudflare hosted domains is a consequence of their specific DNSSEC implementation (using so called “black lies”) and not a design of the DNSSEC protocol itself; hence observations will be different with other providers doing DNSSEC. Initial questions How are NXDOMAIN responses still possible? Why wouldn’t they be possible? … Read more