The "dnssec-or-not" web site is going through a redesign.
Previously the test was implemented entirely using the DNS protocol.
Unfortunately, a DNS server cannot be absolutely sure that a DNS client
is fully protected by DNSSEC. This led to false positives. The test
is being redesigned to increase its accuracy.