CDNTechnical DevelopmentMay 6, 2026

Cloudflare says faulty .de DNSSEC signatures broke millions of domains

On May 5, 2026, DENIC, the administrator for the .de TLD, published faulty DNSSEC signatures, rendering millions of German domains unreachable. Cloudflare detailed its response to this outage, explaining how its 1.1.1.1 resolver cushioned the impact using "serve stale" functionality and how it ultimately restored DNS resolution for affected domains.

Key Takeaways

DENIC published broken DNSSEC signatures for the .de TLD on May 5, 2026.
Cloudflare said millions of .de domains became unreachable after the signing error.
Cloudflare’s 1.1.1.1 resolver used serve-stale functionality to cushion the outage.
Cloudflare later restored DNS resolution for affected .de domains.

Why It Matters

The immediate takeaway is that a DNSSEC signing error at a TLD can take millions of domains offline, and resolver behavior becomes the difference between total failure and partial continuity. Cloudflare’s 1.1.1.1 response shows how serve-stale handling can preserve access during authoritative DNS problems. For the broader internet stack, the incident is a reminder that TLD operators and public resolvers are tightly coupled in outage response. The specific signal to watch next is whether operators reference .de’s outage when evaluating DNSSEC operational safeguards and resolver fallback behavior.

Read full article at blog.cloudflare.com

wTVision: wTVision uses seat sensors for real-time audience voting on Tele 5 talent show

The Broadcast Bridge: Decoding H.264: Navigating AVC Profiles, Levels, and Signaling for Streaming

wTVision: wTVision Powers Real-Time Graphics for Nine Global Football Leagues