Looks like the debug page showed success, and then reverted to failure for timeout. Is the validation mechanism using a caching nameserver, or does it query the authoritative server every time? The latter could explain timeouts if the authoritative server has any sort of DDoS protection.
So far I haven't had issues with afraid.org except in the present case, so I'd assume DDoS limitation -- but that's also assuming BS hits the authoritative server, not a recursive server that would cache the answer and lessen the load on afraid. Would you perchance know?
Yeah, point taken, but there would probably still be cases where the entire domain hasn't been trusted. It's common to have CDNs and other things like this on alternative domains for various reasons. And fortunately, this is the last domain to worry about for the foreseeable future.