Readers of a certain age may remember the so-called “dot com boom” that took place in the early 2000’s. The boom’s “dot com” is what is known as a Top-Level Domain (TLD). Originally intended to organize domain names into a small set of categorical groupings, over the past 40+ years, the set of TLDs has […]
Tag Archives: dns
Addressing the unauthorized issuance of multiple TLS certificates for 1.1.1.1
Over the past few days Cloudflare has been notified through our vulnerability disclosure program and the certificate transparency mailing list that unauthorized certificates were issued by Fina CA for 1.1.1.1, one of the IP addresses used by our public DNS resolver service. From February 2024 to August 2025, Fina CA issued twelve certificates for 1.1.1.1 […]
Some TXT about, and A PTR to, new DNS insights on Cloudflare Radar
No joke – Cloudflare’s 1.1.1.1 resolver was launched on April Fool’s Day in 2018. Over the last seven years, this highly performant and privacy–conscious service has grown to handle an average of 1.9 Trillion queries per day from approximately 250 locations (countries/regions) around the world. Aggregated analysis of this traffic provides us with unique insight […]
Cloudflare partners with Internet Service Providers and network equipment providers to deliver a safer browsing experience to millions of homes
A committed journey of privacy and security In 2018, Cloudflare announced 1.1.1.1, one of the fastest, privacy-first consumer DNS services. 1.1.1.1 was the first consumer product Cloudflare ever launched, focused on reaching a wider audience. This service was designed to be fast and private, and does not retain information that would identify who is making […]
Connection errors in Asia Pacific region on July 9, 2023
On Sunday, July 9, 2023, early morning UTC time, we observed a high number of DNS resolution failures — up to 7% of all DNS queries across the Asia Pacific region — caused by invalid DNSSEC signatures from Verisign .com and .net Top Level Domain (TLD) nameservers. This resulted in connection errors for visitors of […]
How we scaled and protected Eurovision 2023 voting with Pages and Turnstile
2023 was the first year that non-participating countries could vote for their favorites during the Eurovision Song Contest, adding millions of additional viewers and voters to an already impressive 162 million tuning in from the participating countries. It became a truly global event with a potential for disruption from multiple sources. To prepare for anything, […]
How Rust and Wasm power Cloudflare's 1.1.1.1
On April 1, 2018, Cloudflare announced the 1.1.1.1 public DNS resolver. Over the years, we added the debug page for troubleshooting, global cache purge, 0 TTL for zones on Cloudflare, Upstream TLS, and 1.1.1.1 for families to the platform. In this post, we would like to share some behind the scenes details and changes. When […]
It’s Hard To Change The Keys To The Internet And It Involves Destroying HSM’s
Photo by Niko Soikkeli / Unsplash The root of the DNS tree has been using DNSSEC to protect the zone content since 2010. DNSSEC is simply a mechanism to provide cryptographic signatures alongside DNS records that can be validated, i.e. prove the answer is correct and has not been tampered with. To learn more about […]
CAA of the Wild: Supporting a New Standard
One thing we take pride in at Cloudflare is embracing new protocols and standards that help make the Internet faster and safer. Sometimes this means that we’ll launch support for experimental features or standards still under active development, as we did with TLS 1.3. Due to the not-quite-final nature of some of these features, we […]
If I Knew Then What I Know Now: Tales from the Early Internet
Paul Mockapetris, Inventor, DNS, and David Conrad, CTO, ICANN Moderator: Matthew Prince, Co-Founder & CEO, Cloudflare Photo by Cloudflare Staff MP: You guys wrote all this stuff; why is the internet so broken? PM: People complain about security flaws, but there is no security in original design of dns. I think of it that we […]
