Announcing Virtual DNS: DDoS Mitigation and Global Distribution for DNS Traffic

Published on by Dani Grant.

It’s 9am and CloudFlare has already mitigated three billion malicious requests for our customers today. Six out of every one hundred requests we see are malicious, and increasingly, more of those bad requests are targeting DNS nameservers. DNS is the phone book of the Internet and fundamental to the usability of the web, but is also a serious weak link in Internet security. One of the ways…

Deprecating the DNS ANY meta-query type

Published on by Marek Majkowski.

DNS, one of the oldest technologies running the Internet, keeps evolving. There is a constant stream of new developments, from DNSSEC, through DNS-over-TLS, to a plentiful supply of fresh EDNS extensions. {<1>} [CC BY-ND 2.0](https://creativecommons.org/licenses/by-nd/2.0/) [image](https://www.flickr.com/photos/antarcticabound/) by [Antarctica Bound](https://www.flickr.com/photos/antarcticabound/) New DNS Resource Records types are being…

No upgrade needed: CloudFlare sites already protected from FREAK

Published on by John Graham-Cumming.

The newly announced FREAK vulnerability is not a concern for CloudFlare's SSL customers. We do not support 'export grade' cryptography (which, by its nature, is weak) and we upgraded to the non-vulnerable version of OpenSSL the day it was released in early January. CC BY 2.0 image by Stuart Heath Our OpenSSL configuration is freely available on our Github account here as are our patches to OpenSSL…

Protecting web origins with Authenticated Origin Pulls

Published on by Rajeev Sharma.

As we have been discussing this week, securing the connection between CloudFlare and the origin server is arguably just as important as securing the connection between end users and CloudFlare. The origin certificate authority we announced this week will help CloudFlare verify that it is talking to the correct origin server. But what about verification in the opposite direction? How can the origin verify that the client talking…