I use Cloudflare DNS and enabled DNSSEC. DNSSEC is active for a while but I noticed when I do a RRSIG query on mxtoolbox.com no RRSIG’s will be returned. I tried also to run commando: dig rrsig +dnssec but nothing returns. When I do the same queries on another DNSSEC enabled domain like sidn.nl I get results back.
First I thought it has to do with NSEC/NSEC3 but also on domains with NSEC3 enabled it returns RRSIG’s and DNSSEC on Cloudflare is using NSEC.
Does anyone has an explanation? I’m vert curious.