Skip to content

Cloudflare Blog

Technical deep dives, product updates, and insights from the teams that are helping to build a better Internet.

A broken DNSSEC rollover took down .al. Now 1.1.1.1 tells you when validation is bypassed

When a failed DNSSEC key rollover took down the .al TLD, we deployed a Negative Trust Anchor to restore resolution. This time, though, clients didn't have to take our word for it: 1.1.1.1 returned EDE 33, a new DNS error code that signals directly in the response that DNSSEC validation was bypassed.

Making AI search smarter

Search is how we find nearly everything on the web — creators, merchants, answers. AI is rewriting the rules, leaving creators caught between staying discoverable in an agentic era and getting paid for their work. Today we're launching two initiatives to help.