{"schema_version":"onlylabs.public_signal.v1","title":"Cloudflare (Workers AI) Writing: When DNSSEC goes wrong: how we responded to the .de TLD outage","description":"Cloudflare (Workers AI) writing signal with public source context, captured evidence pages, related signals, and category-scoped analysis context.","url":"https://onlylabs.fyi/signals/9111f581-ea8a-4640-9cbe-a67b2c42ec14","json_url":"https://onlylabs.fyi/signals/9111f581-ea8a-4640-9cbe-a67b2c42ec14/signal.json","generated_at":"2026-06-07T21:14:36.344395+00:00","org":{"slug":"cloudflare","name":"Cloudflare (Workers AI)","category":"neocloud","category_label":"Neocloud","dossier_url":"https://onlylabs.fyi/labs/cloudflare","dossier_json_url":"https://onlylabs.fyi/labs/cloudflare/dossier.json"},"related_urls":{"signal":"https://onlylabs.fyi/signals/9111f581-ea8a-4640-9cbe-a67b2c42ec14","signal_json":"https://onlylabs.fyi/signals/9111f581-ea8a-4640-9cbe-a67b2c42ec14/signal.json","source":"https://blog.cloudflare.com/de-tld-outage-dnssec/","lab_dossier":"https://onlylabs.fyi/labs/cloudflare","lab_dossier_json":"https://onlylabs.fyi/labs/cloudflare/dossier.json","analysis":"https://onlylabs.fyi/analysis/cloudflare","analysis_json":"https://onlylabs.fyi/analysis/cloudflare/analysis.json","analysis_evidence_json":"https://onlylabs.fyi/analysis/cloudflare/evidence.json","category":"https://onlylabs.fyi/neoclouds","category_json":"https://onlylabs.fyi/neoclouds.json","category_feed":"https://onlylabs.fyi/neoclouds/feed.xml","category_signals_json":"https://onlylabs.fyi/signals.json?category=neocloud","topic":"https://onlylabs.fyi/topics/talking","topic_signals_json":"https://onlylabs.fyi/topics/talking/signals.json?category=neocloud","topic_feed":"https://onlylabs.fyi/topics/talking/feed.xml?category=neocloud","data_business":null},"answer_pack":{"answer":"Cloudflare (Workers AI) published When DNSSEC goes wrong: how we responded to the .de TLD outage. This talking signal gives public context for research themes, product direction, policy, or launch framing. High-signal details: Routine technical blog post, low traction · When DNSSEC goes wrong: how we responded to the .de TLD outage When DNSSEC goes wrong: how we responded to the .de TLD outage 2026-05-06 Sebastiaan Neuteboom Christian.... onlylabs links this event to 1 captured evidence page and 6 related writing signals.","signal_desk":"talking","source_context":{"source_url":"https://blog.cloudflare.com/de-tld-outage-dnssec/","source_host":"blog.cloudflare.com","occurred_at":"2026-05-05T00:00:00.000Z","first_seen_at":"2026-06-05T22:32:14.118742+00:00","date_source":"page.visible_date","context":null},"context_markers":[{"label":"Lab","value":"Cloudflare (Workers AI)","source":"signal"},{"label":"Signal desk","value":"talking","source":"signal"},{"label":"Source host","value":"blog.cloudflare.com","source":"source"},{"label":"Author","value":"Sebastiaan Neuteboom","source":"source"},{"label":"Notability","value":"Routine technical blog post, low traction","source":"signal"},{"label":"Watch term","value":"Safety and alignment","source":"evidence"}],"evidence_coverage":{"target_pages":1,"captured_pages":1,"readable_pages":1,"capture_methods":["plain"],"missing_page_urls":[],"failed_page_urls":[],"blocked_page_urls":[],"page_urls":["https://blog.cloudflare.com/de-tld-outage-dnssec/"],"related_signals":6,"has_source_url":true,"latest_page_fetched_at":"2026-06-07T21:14:36.344395+00:00"},"data_business":{"matches":false,"lanes":[],"matched_terms":[],"score":null,"reason":null},"agent_handoff":{"signal_json":"https://onlylabs.fyi/signals/9111f581-ea8a-4640-9cbe-a67b2c42ec14/signal.json","dossier_json":"https://onlylabs.fyi/labs/cloudflare/dossier.json","analysis_json":"https://onlylabs.fyi/analysis/cloudflare/analysis.json","analysis_evidence_json":"https://onlylabs.fyi/analysis/cloudflare/evidence.json","topic_signals_json":"https://onlylabs.fyi/topics/talking/signals.json?category=neocloud","topic_feed":"https://onlylabs.fyi/topics/talking/feed.xml?category=neocloud","category_signals_json":"https://onlylabs.fyi/signals.json?category=neocloud","data_radar_json":null,"opportunities_json":null},"analysis_playbook":{"objective":"Turn public writing and discussion into a readable map of research themes, product framing, policy posture, launch narratives, and market attention.","evidence_focus":["post title","source URL","captured page text","HN traction","linked model or paper references","publication date"],"extraction_questions":["Which themes are labs choosing to explain publicly?","Which posts are attracting outside discussion?","Which writing reframes a recent release, model, hiring wave, or policy stance?","Which posts mention data, evals, infrastructure, safety, or deployment workflows?"],"signal_questions":["What public theme, launch framing, or research direction does this writing signal expose?","Which themes are labs choosing to explain publicly?","Which posts are attracting outside discussion?","Do the 6 related writing signals show a repeated pattern?"],"output_fields":["org","theme","public_framing","traction","evidence_url"],"data_business_relevance":"Data-business lane extraction is scoped to frontier labs; for this category, keep conclusions tied to category-specific strategy, source evidence, and follow-up questions.","required_sources":[{"label":"signal_json","url":"https://onlylabs.fyi/signals/9111f581-ea8a-4640-9cbe-a67b2c42ec14/signal.json","required":true},{"label":"source","url":"https://blog.cloudflare.com/de-tld-outage-dnssec/","required":true},{"label":"dossier_json","url":"https://onlylabs.fyi/labs/cloudflare/dossier.json","required":true},{"label":"analysis_evidence_json","url":"https://onlylabs.fyi/analysis/cloudflare/evidence.json","required":true},{"label":"topic_signals_json","url":"https://onlylabs.fyi/topics/talking/signals.json?category=neocloud","required":false},{"label":"data_radar_json","url":null,"required":false}],"expected_output":["one-paragraph source-grounded interpretation","category-specific implication","confidence and missing evidence","recommended next source to inspect"],"prompt_seed":"Using only the linked onlylabs JSON, captured source context, and cited evidence, analyze Cloudflare (Workers AI)'s writing signal \"When DNSSEC goes wrong: how we responded to the .de TLD outage\" for neocloud strategy."},"semantic_triples":[{"subject":"Cloudflare (Workers AI)","predicate":"published","object":"When DNSSEC goes wrong: how we responded to the .de TLD outage","text":"Cloudflare (Workers AI) published When DNSSEC goes wrong: how we responded to the .de TLD outage."},{"subject":"When DNSSEC goes wrong: how we responded to the .de TLD outage","predicate":"is classified as","object":"writing signal","text":"When DNSSEC goes wrong: how we responded to the .de TLD outage is classified as writing signal."},{"subject":"When DNSSEC goes wrong: how we responded to the .de TLD outage","predicate":"belongs to","object":"talking desk","text":"When DNSSEC goes wrong: how we responded to the .de TLD outage belongs to talking desk."},{"subject":"When DNSSEC goes wrong: how we responded to the .de TLD outage","predicate":"has evidence coverage","object":"1 captured evidence page","text":"When DNSSEC goes wrong: how we responded to the .de TLD outage has evidence coverage 1 captured evidence page."},{"subject":"When DNSSEC goes wrong: how we responded to the .de TLD outage","predicate":"has captured page count","object":"1","text":"When DNSSEC goes wrong: how we responded to the .de TLD outage has captured page count 1."},{"subject":"When DNSSEC goes wrong: how we responded to the .de TLD outage","predicate":"has readable page count","object":"1","text":"When DNSSEC goes wrong: how we responded to the .de TLD outage has readable page count 1."},{"subject":"When DNSSEC goes wrong: how we responded to the .de TLD outage","predicate":"has related signal count","object":"6","text":"When DNSSEC goes wrong: how we responded to the .de TLD outage has related signal count 6."},{"subject":"When DNSSEC goes wrong: how we responded to the .de TLD outage","predicate":"has analysis playbook objective","object":"Turn public writing and discussion into a readable map of research themes, product framing, policy posture, launch narratives, and market attention.","text":"When DNSSEC goes wrong: how we responded to the .de TLD outage has analysis playbook objective Turn public writing and discussion into a readable map of research themes, product framing, policy posture, launch narratives, and market attention.."},{"subject":"When DNSSEC goes wrong: how we responded to the .de TLD outage","predicate":"has source host","object":"blog.cloudflare.com","text":"When DNSSEC goes wrong: how we responded to the .de TLD outage has source host blog.cloudflare.com."},{"subject":"When DNSSEC goes wrong: how we responded to the .de TLD outage","predicate":"has lab","object":"Cloudflare (Workers AI)","text":"When DNSSEC goes wrong: how we responded to the .de TLD outage has lab Cloudflare (Workers AI)."},{"subject":"When DNSSEC goes wrong: how we responded to the .de TLD outage","predicate":"has signal desk","object":"talking","text":"When DNSSEC goes wrong: how we responded to the .de TLD outage has signal desk talking."},{"subject":"When DNSSEC goes wrong: how we responded to the .de TLD outage","predicate":"has source host","object":"blog.cloudflare.com","text":"When DNSSEC goes wrong: how we responded to the .de TLD outage has source host blog.cloudflare.com."},{"subject":"When DNSSEC goes wrong: how we responded to the .de TLD outage","predicate":"has author","object":"Sebastiaan Neuteboom","text":"When DNSSEC goes wrong: how we responded to the .de TLD outage has author Sebastiaan Neuteboom."},{"subject":"When DNSSEC goes wrong: how we responded to the .de TLD outage","predicate":"has notability","object":"Routine technical blog post, low traction","text":"When DNSSEC goes wrong: how we responded to the .de TLD outage has notability Routine technical blog post, low traction."},{"subject":"When DNSSEC goes wrong: how we responded to the .de TLD outage","predicate":"has watch term","object":"Safety and alignment","text":"When DNSSEC goes wrong: how we responded to the .de TLD outage has watch term Safety and alignment."}]},"intelligence":{"signal_desk":"talking","answer":"Cloudflare (Workers AI) published When DNSSEC goes wrong: how we responded to the .de TLD outage. This talking signal gives public context for research themes, product direction, policy, or launch framing. High-signal details: Routine technical blog post, low traction · When DNSSEC goes wrong: how we responded to the .de TLD outage When DNSSEC goes wrong: how we responded to the .de TLD outage 2026-05-06 Sebastiaan Neuteboom Christian.... onlylabs links this event to 1 captured evidence page and 6 related writing signals.","semantic_triples":[{"subject":"Cloudflare (Workers AI)","predicate":"published","object":"When DNSSEC goes wrong: how we responded to the .de TLD outage","text":"Cloudflare (Workers AI) published When DNSSEC goes wrong: how we responded to the .de TLD outage."},{"subject":"When DNSSEC goes wrong: how we responded to the .de TLD outage","predicate":"is classified as","object":"writing signal","text":"When DNSSEC goes wrong: how we responded to the .de TLD outage is classified as writing signal."},{"subject":"When DNSSEC goes wrong: how we responded to the .de TLD outage","predicate":"belongs to","object":"talking desk","text":"When DNSSEC goes wrong: how we responded to the .de TLD outage belongs to talking desk."},{"subject":"When DNSSEC goes wrong: how we responded to the .de TLD outage","predicate":"has evidence coverage","object":"1 captured evidence page","text":"When DNSSEC goes wrong: how we responded to the .de TLD outage has evidence coverage 1 captured evidence page."}]},"signal":{"id":"9111f581-ea8a-4640-9cbe-a67b2c42ec14","url":"https://onlylabs.fyi/signals/9111f581-ea8a-4640-9cbe-a67b2c42ec14","json_url":"https://onlylabs.fyi/signals/9111f581-ea8a-4640-9cbe-a67b2c42ec14/signal.json","source_url":"https://blog.cloudflare.com/de-tld-outage-dnssec/","title":"When DNSSEC goes wrong: how we responded to the .de TLD outage","summary":"Cloudflare (Workers AI) published a writing signal. onlylabs watches public writing for research themes, product direction, and model-launch context.","context":null,"kind":{"key":"post_published","label":"Writing"},"org":{"slug":"cloudflare","name":"Cloudflare (Workers AI)","category":"neocloud"},"occurred_at":"2026-05-05T00:00:00.000Z","first_seen_at":"2026-06-05T22:32:14.118742+00:00","date_source":"page.visible_date","evidence_coverage":{"target_pages":1,"captured_pages":1,"readable_pages":1,"capture_methods":["plain"],"missing_page_urls":[],"failed_page_urls":[],"blocked_page_urls":[],"page_urls":["https://blog.cloudflare.com/de-tld-outage-dnssec/"]},"facets":{},"traction":{"github_stars":null,"hn_points":9,"hn_comments":0,"hn_story_id":"48039997","hf_downloads":null,"hf_likes":null},"data_radar":null},"primary_evidence_page":{"url":"https://blog.cloudflare.com/de-tld-outage-dnssec/","final_url":"https://blog.cloudflare.com/de-tld-outage-dnssec/","title":"When DNSSEC goes wrong: how we responded to the .de TLD outage","http_status":200,"content_type":"text/html","capture_method":"plain","fetched_at":"2026-06-07T21:14:36.344395+00:00","bytes":350576,"raw_path":"2d851a835ee6aaecc3f6cfb94af2278aaebf64e11e9deeba7cb3a9e78063938e.html","content_hash":"0b4d6475c95dcf475bd429de274cc81e55f52c02850ad5fe0d00ea63c7f4100c","excerpt_chars":1200,"truncated":true,"excerpt":"When DNSSEC goes wrong: how we responded to the .de TLD outage When DNSSEC goes wrong: how we responded to the .de TLD outage 2026-05-06 Sebastiaan Neuteboom Christian Elmerot Max Worsley 8 min read On May 5, 2026, at roughly 19:30 UTC, DENIC, the registry operator for the .de country-code top-level domain (TLD), started publishing incorrect DNSSEC signatures for the .de zone. Any validating DNS resolver receiving these signatures was required by the DNSSEC specification to reject them and return SERVFAIL to clients, including 1.1.1.1 , the public DNS resolver operated by Cloudflare. The country-code top-level domain for Germany, .de , is one of the largest on the Internet. On Cloudflare Radar , it consistently ranks among the most broadly queried TLDs globally. An outage at this level of the DNS hierarchy has the potential to make millions of domains unreachable. In this post, we’ll walk through what we saw, the impact of these events, and how we applied temporary mitigations while DENIC resolved the issue. How DNSSEC works DNSSEC (Domain Name System Security Extensions) adds cryptographic authentication to DNS. When a zone is signed with DNSSEC, each set of records is..."},"evidence_pages":[{"url":"https://blog.cloudflare.com/de-tld-outage-dnssec/","final_url":"https://blog.cloudflare.com/de-tld-outage-dnssec/","title":"When DNSSEC goes wrong: how we responded to the .de TLD outage","http_status":200,"content_type":"text/html","capture_method":"plain","fetched_at":"2026-06-07T21:14:36.344395+00:00","bytes":350576,"raw_path":"2d851a835ee6aaecc3f6cfb94af2278aaebf64e11e9deeba7cb3a9e78063938e.html","content_hash":"0b4d6475c95dcf475bd429de274cc81e55f52c02850ad5fe0d00ea63c7f4100c","excerpt_chars":1200,"truncated":true,"excerpt":"When DNSSEC goes wrong: how we responded to the .de TLD outage When DNSSEC goes wrong: how we responded to the .de TLD outage 2026-05-06 Sebastiaan Neuteboom Christian Elmerot Max Worsley 8 min read On May 5, 2026, at roughly 19:30 UTC, DENIC, the registry operator for the .de country-code top-level domain (TLD), started publishing incorrect DNSSEC signatures for the .de zone. Any validating DNS resolver receiving these signatures was required by the DNSSEC specification to reject them and return SERVFAIL to clients, including 1.1.1.1 , the public DNS resolver operated by Cloudflare. The country-code top-level domain for Germany, .de , is one of the largest on the Internet. On Cloudflare Radar , it consistently ranks among the most broadly queried TLDs globally. An outage at this level of the DNS hierarchy has the potential to make millions of domains unreachable. In this post, we’ll walk through what we saw, the impact of these events, and how we applied temporary mitigations while DENIC resolved the issue. How DNSSEC works DNSSEC (Domain Name System Security Extensions) adds cryptographic authentication to DNS. When a zone is signed with DNSSEC, each set of records is..."}],"related_signals":[{"id":"224fa7ff-e825-4f71-92de-ad4ed336e6e4","url":"https://onlylabs.fyi/signals/224fa7ff-e825-4f71-92de-ad4ed336e6e4","source_url":"https://blog.cloudflare.com/private-origins-dns-routing/","title":"Route public traffic to private applications with Cloudflare","context":null,"kind":{"key":"post_published","label":"Writing"},"org":{"slug":"cloudflare","name":"Cloudflare (Workers AI)","category":"neocloud"},"occurred_at":"2026-06-10T13:00:00+00:00","first_seen_at":"2026-06-11T07:01:30.73661+00:00","date_source":"rss.item_date"},{"id":"19c1aa86-cbcf-49c0-ba43-9bdb6b848150","url":"https://onlylabs.fyi/signals/19c1aa86-cbcf-49c0-ba43-9bdb6b848150","source_url":"https://blog.cloudflare.com/frontier-model-defense/","title":"Defend against frontier cyber models: Cloudflare's architecture as customer zero","context":null,"kind":{"key":"post_published","label":"Writing"},"org":{"slug":"cloudflare","name":"Cloudflare (Workers AI)","category":"neocloud"},"occurred_at":"2026-06-09T06:00:00+00:00","first_seen_at":"2026-06-10T07:01:36.764443+00:00","date_source":"rss.item_date"},{"id":"b7c25abb-905a-4512-be1c-728c37aec267","url":"https://onlylabs.fyi/signals/b7c25abb-905a-4512-be1c-728c37aec267","source_url":"https://blog.cloudflare.com/realtime-threat-intel-waf-rules/","title":"Turning Cloudflare’s threat indicators into real-time WAF rules","context":null,"kind":{"key":"post_published","label":"Writing"},"org":{"slug":"cloudflare","name":"Cloudflare (Workers AI)","category":"neocloud"},"occurred_at":"2026-06-08T13:00:00+00:00","first_seen_at":"2026-06-09T07:00:44.379079+00:00","date_source":"rss.item_date"},{"id":"0a3c44ce-32db-4ae9-b9a5-cdba5188203e","url":"https://onlylabs.fyi/signals/0a3c44ce-32db-4ae9-b9a5-cdba5188203e","source_url":"https://blog.cloudflare.com/ai-gateway-spend-limits/","title":"Your AI bill is out of control. Cloudflare can fix it now. ","context":null,"kind":{"key":"post_published","label":"Writing"},"org":{"slug":"cloudflare","name":"Cloudflare (Workers AI)","category":"neocloud"},"occurred_at":"2026-06-05T13:00:00+00:00","first_seen_at":"2026-06-05T22:32:14.118742+00:00","date_source":"rss.item_date"},{"id":"1eb2b6b6-5c21-47f0-a7fc-71b8badf109c","url":"https://onlylabs.fyi/signals/1eb2b6b6-5c21-47f0-a7fc-71b8badf109c","source_url":"https://blog.cloudflare.com/voidzero-joins-cloudflare/","title":"VoidZero is joining Cloudflare","context":null,"kind":{"key":"post_published","label":"Writing"},"org":{"slug":"cloudflare","name":"Cloudflare (Workers AI)","category":"neocloud"},"occurred_at":"2026-06-04T12:59:00+00:00","first_seen_at":"2026-06-05T22:32:14.118742+00:00","date_source":"rss.item_date"},{"id":"b2985d85-f194-41f3-a7f1-577c6aa0eedc","url":"https://onlylabs.fyi/signals/b2985d85-f194-41f3-a7f1-577c6aa0eedc","source_url":"https://blog.cloudflare.com/enforce-first-as-bgp/","title":"Enforcing the First AS in BGP AS_PATHs","context":null,"kind":{"key":"post_published","label":"Writing"},"org":{"slug":"cloudflare","name":"Cloudflare (Workers AI)","category":"neocloud"},"occurred_at":"2026-06-03T17:00:00+00:00","first_seen_at":"2026-06-05T22:32:14.118742+00:00","date_source":"rss.item_date"}]}