Tools I’m using to test DNSSEC, and perhaps others might recommend something else or even cli commands best to use for testing also:
https://dnsviz.net/ | Zonemaster.se | https://dnssec-debugger.verisignlabs.com/
Similar errors reported to what I saw and inquired about in my prior opening post: Zonemaster.net - Domain check
Adding notes for future assistance to others searching this topic:
Having NS2 point to another IP as best practice
Probably Ok
My remaining question is: Would I ever want to use a DNSSEC analysis to determine DNSKEY values and add that to a DNS for domain on cloudflare dns and also cloudflare is my registrar domain since I can’t change the dnssec record cloudflare adds when enabled or just leave it off for domains registeredt at cloudflare?
And is Multi-signer DNSSEC a toggle (ON or OFF - default is off) I’d want to use for anything MIAB related on my cloudflare domain I’m using for email? (Cloudflare explains this as: Multi-signer DNSSEC allows Cloudflare and your other authoritative DNS providers to serve the same zone and have DNSSEC enabled at the same time.)
Edit: added resources & new questions I located after OP.