DNS

October 04, 2021 9:08 PM

Today at 1651 UTC, we opened an internal incident entitled "Facebook DNS lookup returning SERVFAIL" because we were worried that something was wrong with our DNS resolver 1.1.1.1. But as we were about to post on our public status page we realized something else more serious was ...

By 
• Celso Martinho
• , Tom Strickx

September 27, 2021 12:59 PM

Today we’re announcing a new tool to tackle email spoofing and phishing. We’ll warn users about insecure configurations and provide an easy-to-use wizard to create required DNS records....

By 
• Hannes Gerhart

March 20, 2021 2:00 PM

How we use gRPC in combination with Kubernetes to improve the performance and usability of internal APIs....

By 
• Alex Fattouche

March 08, 2021 2:00 PM

We use Consul for service discovery, and we’ve deployed a cluster that spans several of our data centers. We were aware from the start that the DNS query latencies were not great from certain parts of the world that were furthest away from these data centers....

By 
• André Cruz

December 08, 2020 12:00 PM

Today, we’re making several announcements around improving Internet protocols with respect to something important to our customers and Internet users worldwide: privacy....

By 
• Nick Sullivan

December 08, 2020 12:00 PM

Oblivious DoH (ODoH) makes secure DNS over HTTPS (DoH) queries into private queries which prevent the leakage of client IP addresses to resolvers. The new proposed ODoH standard addresses this problem and today we are enabling users to use this protocol with 1.1.1.1...

By 
• Tanya Verma
• , Sudheesh Singanamalla

December 08, 2020 12:00 PM

A deep dive into the Encrypted Client Hello, a standard that encrypts privacy-sensitive parameters sent by the client, as part of the TLS handshake....

By 
• Christopher Patton

November 30, 2020 1:14 PM

We've improved the resiliency and management of our infrastructure DNS zone. In this post, we guide you through some of the "whats", "whys" and "hows" we encountered along the way. ...

By 
• Ryan Timken
• , Kiran Naidoo

November 13, 2020 7:06 PM

Researchers from UC Riverside and Tsinghua University found a new way to revive a decade-old DNS cache poisoning attack. Read our deep dive into how the SAD DNS attack on DNS resolvers works, how we protect against this attack in 1.1.1.1, and what the future holds for DNS cache p...

By 
• Marek Vavruša
• , Nick Sullivan

October 30, 2020 12:00 PM

We recently released a new version of Cloudflare Resolver, which adds a piece of information called “Extended DNS Errors” (EDE) along with the response code under certain circumstances. This will be helpful in tracing DNS resolution errors and figure out what went wrong behind th...

By 
• Anbang Wen

October 02, 2020 7:35 AM

October 1 is DNS Flag Day, an initiative by the DNS community to make DNS more secure, reliable and robust. This year the focus is on problems around IP fragmentation of DNS packets....

By 
• Christian Elmerot

September 15, 2020 11:00 AM

The goal of Cloudflare operated Secondary DNS is to allow our customers with custom DNS solutions, be it on-premise or some other DNS provider, to be able to take advantage of Cloudflare's DNS performance and more recently, through Secondary Override, our proxying and security ca...

By 
• Alex Fattouche

August 20, 2020 11:00 AM

Secondary DNS Override is a great option for any users that want to take advantage of the Cloudflare network, without transferring all of their zones to Cloudflare DNS as a primary provider....

By 
• Alex Fattouche

July 30, 2020 3:00 PM

Today we’re thrilled to announce general availability of Bring Your Own IP (BYOIP) across our Layer 7 products as well as Spectrum and Magic Transit services. ...

By 
• Tom Brightbill