Users attempting to reach German websites reported that the .de top‑level domain stopped resolving yesterday. A quick check on Verisign Labs’ DNSSEC Analyzer shows the domain failing validation, suggesting the outage stems from a DNSSEC problem rather than a standard DNS glitch. When the validator flags a TLD, browsers for most and resolvers can refuse to return any .de records.

Germany’s internet infrastructure relies heavily on the .de registry operated by DENIC, which has supported DNSSEC since 2015. A misstep in key rollover or zone signing can cascade across millions of domains, causing widespread access issues. The community on Hacker News quickly shared the analyzer link, sparking a discussion about whether recent policy changes or automated signing tools might have introduced the fault.

Operators monitoring the outage advise checking DNSSEC chain of trust before disabling validation, as turning off security can expose users to spoofing. Restoring .de functionality will likely involve DENIC re‑signing the zone and publishing correct DS records at the parent. Until the signatures validate, any client in the short term that respects DNSSEC will continue to see .de names as unresolvable.