Economical With The Truth: Making DNSSEC Answers Cheap
June 24, 2016 4:31 PM
We launched DNSSEC late last year and are already signing 56.9 billion DNS record sets per day. At this scale, we care a great deal about compute cost....
Join Us And Paul Vixie On Tuesday To Discuss BIND, Root Servers, And DNS Security
June 17, 2016 4:00 PM
CloudFlare and Gandi have been hosting a speaker series on DNS, previously bringing in the founder of DNS Paul Mockapetris and Dan Kaminsky, who uncovered one of the most critical vulnerabilities in DNS....
python-cloudflare
May 09, 2016 10:47 PM
Very early on in the company’s history we decided that everything that CloudFlare does on behalf of its customer-base should be controllable via an API. In fact, when you login to the CloudFlare control panel, you’re really just making API calls to our backend services....
Dan Kaminsky Will Be Taking Your Questions At Our DNS Meetup Next Week In San Francisco
May 04, 2016 4:56 PM
Our last DNS meetup was a packed house with Paul Mockapetris, the original inventor of DNS. We learned why DNS answers have a question count but always only one question, why underscores aren’t allowed in domain names, and the history of how DNS came to be....
New for Virtual DNS Customers: Self-Service Dashboard and APIs, and Two New Features
April 13, 2016 4:59 PM
Today we're launching two new features and a brand new dashboard and API for Virtual DNS. Virtual DNS is CloudFlare’s DNS proxy that sits in front of some of the largest hosting providers in the world, shielding their DNS infrastructure from attacks....
MORE POSTS
April 05, 2016 12:05 PM
The revenge of the listening sockets
Back in November we wrote a blog post about one latency spike. Today I'd like to share a continuation of that story. As it turns out, the misconfigured rmem setting wasn't the only source of added latency. It looked like Mr Wolf hadn't finished his job....
- By
April 01, 2016 4:43 PM
Come Geek Out With The Original Inventor of DNS at CloudFlare
We like DNS, we think you might too. CloudFlare and Gandi are hosting a three-part series on DNS. Our first event will be at the CloudFlare office with Paul Mockapetris, the original inventor of the Domain Name System....
- By
March 04, 2016 6:02 PM
A Deep Dive Into DNS Packet Sizes: Why Smaller Packet Sizes Keep The Internet Safe
One way that attackers DDoS websites is by repeatedly doing DNS lookups that have small queries, but large answers. The attackers spoof their IP address so that the DNS answers are sent to the server they are attacking, this is called a reflection attack....
- By
February 29, 2016 1:42 PM
A tale of a DNS exploit: CVE-2015-7547
A buffer overflow error in GNU libc DNS stub resolver code was announced last week as CVE-2015-7547. While it doesn't have any nickname yet (last year's Ghost was more catchy), it is potentially disastrous....
- By
January 19, 2016 6:19 PM
Go coverage with external tests
The Go test coverage implementation is quite ingenious: when asked to, the Go compiler will preprocess the source so that when each code portion is executed a bit is set in a coverage bitmap....
- By
January 13, 2016 11:44 AM
Flexible, secure SSH with DNSSEC
If you read this blog on a regular basis, you probably use the little tool called SSH, especially its ubiquitous and most popular implementation OpenSSH....
- By
November 10, 2015 1:56 PM
Announcing Universal DNSSEC: Secure DNS for Every Domain
CloudFlare launched just five years ago with the goal of building a better Internet. That’s why we are excited to announce that beginning today, anyone on CloudFlare can secure their traffic with DNSSEC in just one simple step....
- By
October 29, 2015 9:26 PM
Creative foot-shooting with Go RWMutex
Hi, I'm Filippo and today I managed to surprise myself! (And not in a good way.) I'm developing a new module ("filter" as we call them) for RRDNS, CloudFlare's Go DNS server. ...
- By
October 20, 2015 8:54 PM
DNSSEC is Open for Beta
Since January, CloudFlare has been running a small, private beta for DNSSEC. Starting today, the DNSSEC beta is open for everyone. ...
- By
September 25, 2015 4:01 PM
Mobile Ad Networks as DDoS Vectors: A Case Study
CloudFlare servers are constantly being targeted by DDoS'es. We see everything from attempted DNS reflection attacks to L7 HTTP floods involving large botnets....
- By
August 06, 2015 1:40 PM
DNS parser, meet Go fuzzer
Here at CloudFlare we are heavy users of the github.com/miekg/dns Go DNS library and we make sure to contribute to its development as much as possible. Therefore when Dmitry Vyukov published go-fuzz and started to uncover tens of bugs in the Go standard library, our task was clea...
- By
August 04, 2015 10:36 AM
A deep look at CVE-2015-5477 and how CloudFlare Virtual DNS customers are protected
Last week ISC published a patch for a critical remotely exploitable vulnerability in the BIND9 DNS server capable of causing a crash with a single packet. ...
- By
August 03, 2015 11:26 AM
Quick and dirty annotations for Go stack traces
CloudFlare’s DNS server, RRDNS, is entirely written in Go and typically runs tens of thousands goroutines. Since goroutines are cheap and Go I/O is blocking we run one goroutine per file descriptor we listen on and queue new packets for processing....
- By
July 06, 2015 9:30 PM
The Internet is a cooperative system: CNAME to Dyn DNS outage of 6 July 2015
Today, shortly after 21:00 UTC, on our internal operations chat there was a scary message from one of our senior support staff: "getting DNS resolution errors on support.cloudflare.com", at the same time as automated monitoring indicated a problem....
- By