DNSSEC signing error at .de TLD caused mass outages
🔐 On May 5, 2026, DENIC began publishing incorrect DNSSEC signatures for the .de zone, causing validating resolvers to reject responses and return SERVFAIL—impacting .de domains worldwide and affecting Cloudflare’s 1.1.1.1. Many users were buffered by serve stale behavior, but Cloudflare deployed an override equivalent to a Negative Trust Anchor at 22:17 UTC to bypass validation and restore reachability while DENIC corrected the key rollover.
