HTTP/2 Server Push with multiple assets per Link header

Published on by John Graham-Cumming.

In April we announced that we had added experimental support for HTTP/2 Server Push to all CloudFlare web sites. We did this so that our customers could iterate on this new functionality. CC BY 2.0 image by https://www.flickr.com/photos/mryipyop/ Our implementation of Server Push made use of the HTTP Link header as detailed in W3C Preload Working Draft. We also showed how…

The complete guide to Go net/http timeouts

Published on by Filippo Valsorda.

When writing an HTTP server or client in Go, timeouts are amongst the easiest and most subtle things to get wrong: there’s many to choose from, and a mistake can have no consequences for a long time, until the network glitches and the process hangs. HTTP is a complex multi-stage protocol, so there's no one-size fits all solution to timeouts. Think about a streaming endpoint versus a…

Economical With The Truth: Making DNSSEC Answers Cheap

Published on by Dani Grant.

We launched DNSSEC late last year and are already signing 56.9 billion DNS record sets per day. At this scale, we care a great deal about compute cost. One of the ways we save CPU cycles is our unique implementation of negative answers in DNSSEC. CC BY-SA 2.0 image by Chris Short I will briefly explain a few concepts you need to know about DNSSEC and…

A post-mortem on this morning's incident

Published on by Jérôme Fleury.

We would like to share more details with our customers and readers on the internet outages that occurred this morning and earlier in the week, and what we are doing to prevent these from happening again. June 17 incident On June 17, at 08:32 UTC, our systems detected a significant packet loss between multiple destinations on one of our major transit provider backbone networks, Telia Carrier. In…

Join Us And Paul Vixie On Tuesday To Discuss BIND, Root Servers, And DNS Security

Published on by Dani Grant.

CloudFlare and Gandi have been hosting a speaker series on DNS, previously bringing in the founder of DNS Paul Mockapetris and Dan Kaminsky, who uncovered one of the most critical vulnerabilities in DNS. Our third and final talk is coming up on June 21st at 6PM PST at the Gandi office in San Francisco (live stream link will be posted on the Meetup page) and you won’t…