2024-02-29
Cloudflare recently fixed two critical DNSSEC vulnerabilities: CVE-2023-50387 and CVE-2023-50868. Both of these vulnerabilities can exhaust computational resources of validating DNS resolvers. These vulnerabilities do not affect our Authoritative DNS or DNS firewall products...
Continue reading »
2023-07-11
On July 9, 2023, users in the Asia Pacific region experienced connection errors due to origin DNS resolution failures to .com and .net TLD nameservers...
2022-03-09
DNSSEC issues with the .fj ccTLD caused problems reaching websites on the island nation...
2020-04-17
BGP leaks and leaks and hijacks have been accepted as an unavoidable part of the Internet for far too long. Today, we are releasing isBGPSafeYet.com, a website to track deployments and filtering of invalid routes by the major networks....
2019-03-15
Ladies and gentlemen, I would like you to welcome the new shiny RFC8482, which effectively deprecates DNS ANY query type. DNS ANY was a "meta-query" - think about it as a similar thing to the common A, AAAA, MX or SRV query types, but unlike these it wasn't a real query type - it was special....
February 22, 2019 7:42 PM
Starting today, we’re excited to make Cloudflare Registrar available to all of our customers. As part of this announcement, we’d like to share some insights and data about domain registration that we learned during the early access period....
January 16, 2019 5:01 PM
When you launch your domain to the world, you rely on the Domain Name System (DNS) to direct your users to the address for your site. However, DNS cannot guarantee that your visitors reach your content because DNS, in its basic form, lacks authentication....
September 18, 2018 1:00 PM
Cloudflare first started talking about DNSSEC in 2014 and at the time, Nick Sullivan wrote: “DNSSEC is a valuable tool for improving the trust and integrity of DNS, the backbone of the modern Internet.”...
September 17, 2018 1:02 PM
This post describes how to use Cloudflare’s IPFS gateway to set up a website which is end-to-end secure, while maintaining the performance and reliability benefits of being served from Cloudflare’s edge network....
September 17, 2018 1:01 PM
Today we’re excited to introduce Cloudflare’s IPFS Gateway, an easy way to access content from the the InterPlanetary File System (IPFS) that doesn’t require installing and running any special software on your computer....
August 06, 2018 4:45 PM
Cloudflare recently updated the authoritative DNS service to support nine new record types. Since these records are less commonly used than what we previously supported, we thought it would be a good idea to do a brief explanation of each record type and how it is used....
February 06, 2018 10:33 PM
The root of the DNS tree has been using DNSSEC to protect the zone content since 2010. DNSSEC is simply a mechanism to provide cryptographic signatures alongside DNS records that can be validated, i.e. prove the answer is correct and has not been tampered with. ...
August 18, 2017 5:40 PM
As opposed to the public telephone network, the internet has a Packet Switched design. But just how big can these packets be?...
April 12, 2017 3:06 PM
We’ve been working with registrars and registries in the IETF on making DNSSEC easier for domain owners, and over the next two weeks we’ll be starting out by enabling DNSSEC automatically for .dk domains....
June 24, 2016 4:31 PM
We launched DNSSEC late last year and are already signing 56.9 billion DNS record sets per day. At this scale, we care a great deal about compute cost....
May 09, 2016 10:47 PM
Very early on in the company’s history we decided that everything that CloudFlare does on behalf of its customer-base should be controllable via an API. In fact, when you login to the CloudFlare control panel, you’re really just making API calls to our backend services....
April 13, 2016 12:39 PM
Almost a year ago, we announced that we were going to stop answering DNS ANY queries. We were prompted by a number of factors: The lack of legitimate ANY use. The abundance of malicious ANY use. The constant use of ANY queries in large DNS amplification DDoS attacks....
March 04, 2016 6:02 PM
One way that attackers DDoS websites is by repeatedly doing DNS lookups that have small queries, but large answers. The attackers spoof their IP address so that the DNS answers are sent to the server they are attacking, this is called a reflection attack....
January 13, 2016 11:44 AM
If you read this blog on a regular basis, you probably use the little tool called SSH, especially its ubiquitous and most popular implementation OpenSSH....
November 10, 2015 1:56 PM
CloudFlare launched just five years ago with the goal of building a better Internet. That’s why we are excited to announce that beginning today, anyone on CloudFlare can secure their traffic with DNSSEC in just one simple step....
