Let’s Encrypt recently updated to Unbound 1.18, which enforces more strict compliance with RFC 2308. We announced this change belatedly here. Today we updated our Staging environment to Unbound 1.19. This upgrade has another update to the handling of NXDOMAIN responses.
The exact timeframe for the upgrade to 1.19 in Production is yet to be determined, but will be posted here. We anticipate that this change will have less time in Staging than the 1.18 upgrade, which had 25 days.