Every other field required to perform DNSSEC validation is returned by these APIs, and the API protocol formats from Google and CloudFlare are exactly the same, yet both of them specifically omit the DS RRSIG field.
Why is this the case? I figure we're just doing DNS lookup, but over HTTPS, so why is this field specifically omitted?
We've tried getting in touch but haven't had much luck digging into it.