upvote
> "But why are those providers returning incorrect data?"

In this case, because they decided actually implementing the protocol they were supposed to be implementing didn't work for their hacky design, so they hacked together a series of Good Enough workarounds.

These cloud companies are the Microsoft Internet Explorer of DNS service but unlike IE6 they're considered cool enough that they're tolerated.

reply
Cloudflare is well known for breaking DNS standards whenever they feel like it; they’re too big to ignore, so they get away with murder.
reply
So you’re cool with letting anyone walk your DNS?
reply
The problem here is that computing three 3 NSEC3 records as you might need to return an NXDOMAIN was considered too expensive. It's just a choice to reduce their costs while increasing complexity for everyone else.
reply