[dns-operations] slack.com bogus

[vom513]

I see it as broken at home on my validating BIND instance (I get SERVFAIL).

Interesting (at least to me) - checking 8.8.8.8 and 1.1.1.1 I get A records back just fine.  However no ‘ad’ flag (using dig).  Other DNSSEC signed zones still give ad off quad-8/quad-1 though.

So perhaps a dumb question - could Google and Cloudflare be hitting some kind of “manual overrride” to not validate a given zone - i.e. human intervention / look the other way ?

Or is there a more technical explanation that I could be missing ?