Economical With The Truth: Making DNSSEC Answers Cheap
June 24, 2016
We launched DNSSEC late last year and are already signing 56.9 billion DNS record sets per day. At this scale, we care a great deal about compute cost....
A Post Mortem on this Morning's Incident
June 21, 2016
We would like to share more details with our customers and readers on the internet outages that occurred this morning and earlier in the week, and what we are doing to prevent these from happening again....
Join Us And Paul Vixie On Tuesday To Discuss BIND, Root Servers, And DNS Security
June 17, 2016
CloudFlare and Gandi have been hosting a speaker series on DNS, previously bringing in the founder of DNS Paul Mockapetris and Dan Kaminsky, who uncovered one of the most critical vulnerabilities in DNS....
Open Sourcing CloudFlare’s UI Framework
June 08, 2016
Late last year, the CloudFlare UI team made a huge decision: to change JavaScript frameworks from Backbone & Marionette to React & Redux....
Open sourcing our NGINX HTTP/2 + SPDY code
May 13, 2016
In December, we released HTTP/2 support for all customers and on April 28 we released HTTP/2 Server Push support as well....
MORE POSTS
May 04, 2016
Dan Kaminsky Will Be Taking Your Questions At Our DNS Meetup Next Week In San Francisco
Our last DNS meetup was a packed house with Paul Mockapetris, the original inventor of DNS. We learned why DNS answers have a question count but always only one question, why underscores aren’t allowed in domain names, and the history of how DNS came to be....
- By
May 04, 2016
Yet Another Padding Oracle in OpenSSL CBC Ciphersuites
Yesterday a new vulnerability has been announced in OpenSSL/LibreSSL. A padding oracle in CBC mode decryption, to be precise. Just like Lucky13. Actually, it’s in the code that fixes Lucky13....
- By
April 29, 2016
Lizard Squad Ransom Threats: New Name, Same Faux Armada Collective M.O.
CloudFlare recently wrote about the group of cyber criminals claiming to be be the "Armada Collective." In that article, we stressed that this group had not followed through on any of the ransom threats they had made. ...
- By
April 28, 2016
Announcing Support for HTTP/2 Server Push
Last November, we rolled out HTTP/2 support for all our customers. At the time, HTTP/2 was not in wide use, but more than 88k of the Alexa 2 million websites are now HTTP/2-enabled....
- By
April 27, 2016
Ask Me Anything About HTTP/2
We're big fans of HTTP/2 at CloudFlare. Our customers make up the majority of HTTP/2 enabled domains today. HTTP/2 is a key part of the modern web, and its growth and adoption is changing how websites and applications are built....
- By
April 25, 2016
Empty DDoS Threats: Meet the Armada Collective
Beginning in March 2016, we began hearing reports of a gang of cybercriminals once again calling themselves the Armada Collective. The calling card of the gang was an extortion email sent to a wide variety of online businesses threatening to launch DDoS attacks if they weren't pa...
- By
April 13, 2016
New for Virtual DNS Customers: Self-Service Dashboard and APIs, and Two New Features
Today we're launching two new features and a brand new dashboard and API for Virtual DNS. Virtual DNS is CloudFlare’s DNS proxy that sits in front of some of the largest hosting providers in the world, shielding their DNS infrastructure from attacks....
- By
April 13, 2016
What happened next: the deprecation of ANY
Almost a year ago, we announced that we were going to stop answering DNS ANY queries. We were prompted by a number of factors: The lack of legitimate ANY use. The abundance of malicious ANY use. The constant use of ANY queries in large DNS amplification DDoS attacks....
- By
April 05, 2016
The revenge of the listening sockets
Back in November we wrote a blog post about one latency spike. Today I'd like to share a continuation of that story. As it turns out, the misconfigured rmem setting wasn't the only source of added latency. It looked like Mr Wolf hadn't finished his job....
- By
April 01, 2016
Come Geek Out With The Original Inventor of DNS at CloudFlare
We like DNS, we think you might too. CloudFlare and Gandi are hosting a three-part series on DNS. Our first event will be at the CloudFlare office with Paul Mockapetris, the original inventor of the Domain Name System....
- By
March 04, 2016
A Deep Dive Into DNS Packet Sizes: Why Smaller Packet Sizes Keep The Internet Safe
One way that attackers DDoS websites is by repeatedly doing DNS lookups that have small queries, but large answers. The attackers spoof their IP address so that the DNS answers are sent to the server they are attacking, this is called a reflection attack....
- By
March 03, 2016
400Gbps: Winter of Whopping Weekend DDoS Attacks
Over the last month, we’ve been watching some of the largest distributed denial of service (DDoS) attacks ever seen unfold. As CloudFlare has grown we've brought on line systems capable of absorbing and accurately measuring attacks....
- By
February 29, 2016
A tale of a DNS exploit: CVE-2015-7547
A buffer overflow error in GNU libc DNS stub resolver code was announced last week as CVE-2015-7547. While it doesn't have any nickname yet (last year's Ghost was more catchy), it is potentially disastrous....
- By
January 19, 2016
Go coverage with external tests
The Go test coverage implementation is quite ingenious: when asked to, the Go compiler will preprocess the source so that when each code portion is executed a bit is set in a coverage bitmap....
- By