2026-05-06
On May 5, 2026, DENIC published broken DNSSEC signatures for the .de TLD, making millions of domains unreachable. Here's what 1.1.1.1 saw, how serve stale cushioned the impact, and how we restored resolution....
Continue reading »
2024-02-29
Cloudflare recently fixed two critical DNSSEC vulnerabilities: CVE-2023-50387 and CVE-2023-50868. Both of these vulnerabilities can exhaust computational resources of validating DNS resolvers. These vulnerabilities do not affect our Authoritative DNS or DNS firewall products...
2023-07-11
On July 9, 2023, users in the Asia Pacific region experienced connection errors due to origin DNS resolution failures to .com and .net TLD nameservers...
2022-03-09
DNSSEC issues with the .fj ccTLD caused problems reaching websites on the island nation...
April 17, 2020
BGP leaks and leaks and hijacks have been accepted as an unavoidable part of the Internet for far too long. Today, we are releasing isBGPSafeYet.com, a website to track deployments and filtering of invalid routes by the major networks....
March 15, 2019
Ladies and gentlemen, I would like you to welcome the new shiny RFC8482, which effectively deprecates DNS ANY query type. DNS ANY was a "meta-query" - think about it as a similar thing to the common A, AAAA, MX or SRV query types, but unlike these it wasn't a real query type - it...
February 22, 2019
We’re excited to make Cloudflare Registrar available to all of our customers and we’d like to share some insights and data about domain registration that we learned during the early access period....
January 16, 2019
When you launch a domain, you rely on the Domain Name System to direct your users to your site. However, DNS can't guarantee that visitors reach your content because basic DNS lacks authentication....
September 18, 2018
Cloudflare first started talking about DNSSEC in 2014 and at the time, Nick Sullivan wrote: “DNSSEC is a valuable tool for improving the trust and integrity of DNS, the backbone of the modern Internet.”...
September 17, 2018
Use Cloudflare’s IPFS gateway to set up a website which is end-to-end secure, while maintaining the performance and reliability benefits of being served from Cloudflare’s edge network....
September 17, 2018
Today we’re excited to introduce Cloudflare’s IPFS Gateway, an easy way to access content from the the InterPlanetary File System (IPFS) that doesn’t require installing and running any special software on your computer....
August 06, 2018
Cloudflare recently updated the authoritative DNS service to support nine new record types. Since these records are less commonly used than what we previously supported, we thought it would be a good idea to do a brief explanation of each record type and how it is used....
February 06, 2018
The root of the DNS tree has been using DNSSEC to protect the zone content since 2010. DNSSEC is simply a mechanism to provide cryptographic signatures alongside DNS records that can be validated, i.e. prove the answer is correct and has not been tampered with. ...
August 18, 2017
As opposed to the public telephone network, the internet has a Packet Switched design. But just how big can these packets be?...
April 12, 2017
We’ve been working with registrars and registries in the IETF on making DNSSEC easier for domain owners, and over the next two weeks we’ll be starting out by enabling DNSSEC automatically for .dk domains....
June 24, 2016
We launched DNSSEC late last year and are already signing 56.9 billion DNS record sets per day. At this scale, we care a great deal about compute cost....
May 09, 2016
Very early on in the company’s history we decided that everything that CloudFlare does on behalf of its customer-base should be controllable via an API. In fact, when you login to the CloudFlare control panel, you’re really just making API calls to our backend services....
April 13, 2016
Almost a year ago, we announced that we were going to stop answering DNS ANY queries. We were prompted by a number of factors: The lack of legitimate ANY use. The abundance of malicious ANY use. The constant use of ANY queries in large DNS amplification DDoS attacks....
March 04, 2016
One way that attackers DDoS websites is by repeatedly doing DNS lookups that have small queries, but large answers. The attackers spoof their IP address so that the DNS answers are sent to the server they are attacking, this is called a reflection attack....
