u/Cloudflare

A DNSSEC failure broke the .de TLD, risking millions of German domains. See how 1.1.1.1 used "serve stale" and Negative Trust Anchors to restore resolution during the incident.

Key Takeaways:

• A massive DNSSEC failure at the .de TLD on May 5, 2026, threatened to make millions of German domains unreachable.

• We detail how the broken signatures forced all validating DNS resolvers to return SERVFAIL, and how 1.1.1.1 cushioned the impact using "serve stale" (RFC 8767).

• Learn about the critical trade-offs made, including deploying a Negative Trust Anchor equivalent to bypass validation, and what this incident reveals about DNS hierarchy operations.

https://cfl.re/4nhX7Kf

Cloudflare built new servers that looked faster on paper — but didn’t perform better at first.

In this episode of This Week in NET, JQ Lau and Victor Hwang explain what changed, and how a software rewrite unlocked the real gains: • up to 2x performance • lower latency • better efficiency

A good reminder that hardware alone isn’t enough.

Full episode + subscribe → https://ThisWeekinNET.com