DNSSEC Done Right

Published on by Olafur Gudmundsson.

This blog post is probably more personal than the usual posts here. It’s about why I joined CloudFlare. I’ve been working on DNSSEC evolution for a long time as implementor, IETF working group chair, protocol experimenter, DNS operator, consultant, and evangelist. These different perspectives allow me to look at the protocol in a holistic way. First and foremost, it’s important to realize the exact role…

Help us test our DNSSEC implementation

Published on by Filippo Valsorda.

For an introduction to DNSSEC, see our previous post Today is a big day for CloudFlare! We are publishing our first two DNSSEC signed zones for the community to analyze and give feedback on: www.cloudflare-dnssec-auth.com - a fully signed zone managed by CloudFlare www.cloudflare-dnssec-cname.com - an external zone linking to a signed record with a CNAME We've been testing our implementation internally for some…

Flexible SSL & Wordpress: Fixing “Mixed Content” Errors

Published on by David Fritsch.

As many are aware, CloudFlare launched Universal SSL several months ago. We saw lots of customers sign up and start using these new, free SSL certificates. For many customers that didn’t already have an SSL certificate, they were able to use “Flexible SSL”. Flexible SSL creates a secure (HTTPS) connection between the website visitor and CloudFlare and then an in-secure (HTTP) connection between CloudFlare and the origin…

DDoS Packet Forensics: Take me to the hex!

Published on by John Graham-Cumming.

A few days ago, my colleague Marek sent an email about a DDoS attack against one of our DNS servers that we'd been blocking with our BPF rules. He noticed that there seemed to be a strange correlation between the TTL field in the IP header and the IPv4 source address. CC BY 2.0 image by Jeremy Keith The source address was being spoofed, as usual, and…

CloudFlare in 2014: Bigger, Faster, Securer

Published on by John Graham-Cumming.

At the end of 2013 we posted a blog article titled 2013: Rebuild the Engine; 2014: Step on the Gas which explained how in 2013 we had been rebuilding the engine that powers CloudFlare and how we expected 2014 to be when we stepped on the gas. In that blog post, we said that we'd be expanding our network to betters serve customers in China and Latin America…