DNSSEC - Page 1 - Cloudflare Blog

Changing Internet Standards to Build A Secure Internet

Published on April 12th, 2017 3:06PM by Dani Grant.

We’ve been working with registrars and registries in the IETF on making DNSSEC easier for domain owners, and over the next two weeks we’ll be starting out by enabling DNSSEC automatically for .dk domains. DNSSEC: A Primer Before we get into the details of how we've improved the

Economical With The Truth: Making DNSSEC Answers Cheap

Published on June 24th, 2016 4:31PM by Dani Grant.

We launched DNSSEC late last year and are already signing 56.9 billion DNS record sets per day. At this scale, we care a great deal about compute cost. One of the ways we save CPU cycles is our unique implementation of negative answers in DNSSEC. CC BY-SA 2.0

A Deep Dive Into DNS Packet Sizes: Why Smaller Packet Sizes Keep The Internet Safe

Published on March 4th, 2016 6:02PM by Dani Grant.

CC BY 2.0 image by Robert Couse-Baker Yesterday we wrote about the 400 gigabit per second attacks we see on our network. One way that attackers DDoS websites is by repeatedly doing DNS lookups that have small queries, but large answers. The attackers spoof their IP address so that

Announcing Universal DNSSEC: Secure DNS for Every Domain

Published on November 10th, 2015 1:56PM by Dani Grant.

CloudFlare launched just five years ago with the goal of building a better Internet. That’s why we are excited to announce that beginning today, anyone on CloudFlare can secure their traffic with DNSSEC in just one simple step. This follows one year after we made SSL available for free,

DNSSEC is Open for Beta

Published on October 20th, 2015 8:54PM by Dani Grant.

Since January, CloudFlare has been running a small, private beta for DNSSEC. Starting today, the DNSSEC beta is open for everyone. To request access, email [email protected] A Background on DNS and DNSSEC DNS is the system that lets your browser know which web server to connect to when

Updating the DNS Registration Model to Keep Pace with Today’s Internet.

Published on February 5th, 2015 6:48PM by Olafur Gudmundsson.

CloudFlare is, arguably, the largest third-party DNS Authoritative operator in the world. We manage well over 1 million domains and have registrations in almost every TLD open for registrations. Our role as a DNS operator is to maintain customer information and publish their records in the global DNS. In this

DNSSEC Done Right

Published on January 29th, 2015 8:10PM by Olafur Gudmundsson.

This blog post is probably more personal than the usual posts here. It’s about why I joined CloudFlare. I’ve been working on DNSSEC evolution for a long time as implementor, IETF working group chair, protocol experimenter, DNS operator, consultant, and evangelist. These different perspectives allow me to look

Help us test our DNSSEC implementation

Published on January 29th, 2015 1:03PM by Filippo Valsorda.

For an introduction to DNSSEC, see our previous post Today is a big day for CloudFlare! We are publishing our first two DNSSEC signed zones for the community to analyze and give feedback on: www.cloudflare-dnssec-auth.com - a fully signed zone managed by CloudFlare www.cloudflare-dnssec-cname.com - an