“This is Why Half the Internet Shut Down Today”

Spoiler Alert: Cloudflare DNS.

According to the incident report, this issue with Cloudflare’s DNS service impacted its data centers internationally, from Frankfurt to Paris and Schiphol, as well as several in major U.S. cities, including Los Angeles, Chicago, Seattle, Atlanta, and San Jose. Reports on Downdetector showed the outages appeared to be concentrated in the U.S. and northern Europe.

Gizmodo, yesterday (link)

As a reminder, Firefox has been rolling out their DNS over HTTPS service with Cloudflare as the default provider. From Mozilla in February:

We’re enabling DoH by default only in the US. If you’re outside of the US and would like to enable DoH, you’re welcome to do so by going to Settings, then General, then scroll down to Networking Settings and click the Settings button on the right. Here you can enable DNS over HTTPS by clicking, and a checkbox will appear. By default, this change will send your encrypted DNS requests to Cloudflare.

Mozilla’s Blog (link)

If you’re a regular reader, you’re probably accustomed to seeing a cautionary post on DNS on the front page here. Really, there’s no shortage — most recently:

There are also quite a few citing DNS within them, and undoubtedly there will be more. So much of the general function of the internet and internal networks depends on the DNS underpinning — to include both ordinary and security functions. At the most common level, if DNS is down, you don’t find “google.com”. At the most sophisticated, you’re sent to a very tailored “google.com”. In between, ads are blocked, hostile websites are sinkholed, email servers are validated, LDAP & Kerberos servers are discovered, corporate users are taken to internal, privileged versions of websites, and so forth.

DNS is serious business. It’s hard enough to keep control of your own network operations without users and services bypassing your controls; it’s another thing altogether when those bypasses take you to compromised, hostile, or faulty services.

Stay vigilant, and stay in touch! Find our Contact form here.