Some TXT about, and A PTR to, new DNS insights on Cloudflare Radar
2025-02-27
The new Cloudflare Radar DNS page provides increased visibility into aggregate traffic and usage trends seen by our 1.1.1.1 resolver...
Continue reading »
Remediating new DNSSEC resource exhaustion vulnerabilities
2024-02-29
Cloudflare recently fixed two critical DNSSEC vulnerabilities: CVE-2023-50387 and CVE-2023-50868. Both of these vulnerabilities can exhaust computational resources of validating DNS resolvers. These vulnerabilities do not affect our Authoritative DNS or DNS firewall products...
Connection errors in Asia Pacific region on July 9, 2023
2023-07-11
On July 9, 2023, users in the Asia Pacific region experienced connection errors due to origin DNS resolution failures to .com and .net TLD nameservers...
DNSSEC issues take Fiji domains offline
2022-03-09
DNSSEC issues with the .fj ccTLD caused problems reaching websites on the island nation...
Is BGP Safe Yet? No. But we are tracking it carefully
2020-04-17
BGP leaks and leaks and hijacks have been accepted as an unavoidable part of the Internet for far too long. Today, we are releasing isBGPSafeYet.com, a website to track deployments and filtering of invalid routes by the major networks....
MORE POSTS
March 15, 2019 5:01 PM
RFC8482 - Saying goodbye to ANY
Ladies and gentlemen, I would like you to welcome the new shiny RFC8482, which effectively deprecates DNS ANY query type. DNS ANY was a "meta-query" - think about it as a similar thing to the common A, AAAA, MX or SRV query types, but unlike these it wasn't a real query type - it...
- By
February 22, 2019 7:42 PM
Cloudflare Registrar at three months
Starting today, we’re excited to make Cloudflare Registrar available to all of our customers. As part of this announcement, we’d like to share some insights and data about domain registration that we learned during the early access period....
- By
January 16, 2019 5:01 PM
One-Click DNSSEC with Cloudflare Registrar
When you launch your domain to the world, you rely on the Domain Name System (DNS) to direct your users to the address for your site. However, DNS cannot guarantee that your visitors reach your content because DNS, in its basic form, lacks authentication....
- By
September 18, 2018 1:00 PM
Expanding DNSSEC Adoption
Cloudflare first started talking about DNSSEC in 2014 and at the time, Nick Sullivan wrote: “DNSSEC is a valuable tool for improving the trust and integrity of DNS, the backbone of the modern Internet.”...
- By
September 17, 2018 1:02 PM
End-to-End Integrity with IPFS
This post describes how to use Cloudflare’s IPFS gateway to set up a website which is end-to-end secure, while maintaining the performance and reliability benefits of being served from Cloudflare’s edge network....
- By
September 17, 2018 1:01 PM
Cloudflare goes InterPlanetary - Introducing Cloudflare’s IPFS Gateway
Today we’re excited to introduce Cloudflare’s IPFS Gateway, an easy way to access content from the the InterPlanetary File System (IPFS) that doesn’t require installing and running any special software on your computer....
- By
August 06, 2018 4:45 PM
Additional Record Types Available with Cloudflare DNS
Cloudflare recently updated the authoritative DNS service to support nine new record types. Since these records are less commonly used than what we previously supported, we thought it would be a good idea to do a brief explanation of each record type and how it is used....
- By
February 06, 2018 10:33 PM
It’s Hard To Change The Keys To The Internet And It Involves Destroying HSM’s
The root of the DNS tree has been using DNSSEC to protect the zone content since 2010. DNSSEC is simply a mechanism to provide cryptographic signatures alongside DNS records that can be validated, i.e. prove the answer is correct and has not been tampered with. ...
- By
August 18, 2017 5:40 PM
Broken packets: IP fragmentation is flawed
As opposed to the public telephone network, the internet has a Packet Switched design. But just how big can these packets be?...
- By
April 12, 2017 3:06 PM
Changing Internet Standards to Build A Secure Internet
We’ve been working with registrars and registries in the IETF on making DNSSEC easier for domain owners, and over the next two weeks we’ll be starting out by enabling DNSSEC automatically for .dk domains....
- By
June 24, 2016 4:31 PM
Economical With The Truth: Making DNSSEC Answers Cheap
We launched DNSSEC late last year and are already signing 56.9 billion DNS record sets per day. At this scale, we care a great deal about compute cost....
- By
May 09, 2016 10:47 PM
python-cloudflare
Very early on in the company’s history we decided that everything that CloudFlare does on behalf of its customer-base should be controllable via an API. In fact, when you login to the CloudFlare control panel, you’re really just making API calls to our backend services....
- By
April 13, 2016 12:39 PM
What happened next: the deprecation of ANY
Almost a year ago, we announced that we were going to stop answering DNS ANY queries. We were prompted by a number of factors: The lack of legitimate ANY use. The abundance of malicious ANY use. The constant use of ANY queries in large DNS amplification DDoS attacks....
- By
March 04, 2016 6:02 PM
A Deep Dive Into DNS Packet Sizes: Why Smaller Packet Sizes Keep The Internet Safe
One way that attackers DDoS websites is by repeatedly doing DNS lookups that have small queries, but large answers. The attackers spoof their IP address so that the DNS answers are sent to the server they are attacking, this is called a reflection attack....
- By
January 13, 2016 11:44 AM
Flexible, secure SSH with DNSSEC
If you read this blog on a regular basis, you probably use the little tool called SSH, especially its ubiquitous and most popular implementation OpenSSH....
- By