Debugging war story: the mystery of NXDOMAIN

Published on by Ivan Babrou.

The following blog post describes a debugging adventure on Cloudflare's Mesos-based cluster. This internal cluster is primarily used to process log file information so that Cloudflare customers have analytics, and for our systems that detect and respond to attacks. The problem encountered didn't have any effect on our customers, but

TLD glue sticks around too long

Published on by Marek Majkowski.

Recent headline grabbing DDoS attacks provoked heated debates in the DNS community. Everyone has strong opinions on how to harden DNS to avoid downtime in the future. Is it better to use a single DNS provider or multiple? What DNS TTL values are best? Does DNSSEC make you more or

How the Dyn outage affected Cloudflare

Published on by John Graham-Cumming.

Last Friday the popular DNS service Dyn suffered three waves of DDoS attacks that affected users first on the East Coast of the US, and later users worldwide. Popular websites, some of which are also Cloudflare customers, were inaccessible. Although Cloudflare was not attacked, joint Dyn/Cloudflare customers were affected.

How Cloudflare's Architecture Allows Us to Scale to Stop the Largest Attacks

Published on by Matthew Prince.

The last few weeks have seen several high-profile outages in legacy DNS and DDoS-mitigation services due to large scale attacks. Cloudflare's customers have, understandably, asked how we are positioned to handle similar attacks. While there are limits to any service, including Cloudflare, we are well architected to withstand these recent

Announcing New Features To Help Hosting Providers Run Their Own Reliable DNS Infrastructure

Published on by Dani Grant.

Over the last six years, we’ve built the tooling, infrastructure and expertise to run a DNS network that handles our scale - we’ve answered a few million DNS queries in the few seconds since you started reading this. DNS is the backbone of the internet. Every email, website