“This is Why Half the Internet Shut Down Today”

Spoiler Alert: Cloudflare DNS.

According to the incident report, this issue with Cloudflare’s 1.1.1.1 DNS service impacted its data centers internationally, from Frankfurt to Paris and Schiphol, as well as several in major U.S. cities, including Los Angeles, Chicago, Seattle, Atlanta, and San Jose. Reports on Downdetector showed the outages appeared to be concentrated in the U.S. and northern Europe.

Gizmodo, yesterday (link)

As a reminder, Firefox has been rolling out their DNS over HTTPS service with Cloudflare as the default provider. From Mozilla in February:

We’re enabling DoH by default only in the US. If you’re outside of the US and would like to enable DoH, you’re welcome to do so by going to Settings, then General, then scroll down to Networking Settings and click the Settings button on the right. Here you can enable DNS over HTTPS by clicking, and a checkbox will appear. By default, this change will send your encrypted DNS requests to Cloudflare.

Mozilla’s Blog (link)

If you’re a regular reader, you’re probably accustomed to seeing a cautionary post on DNS on the front page here. Really, there’s no shortage — most recently:

There are also quite a few citing DNS within them, and undoubtedly there will be more. So much of the general function of the internet and of internal networks depends on DNS, for ordinary and security functions alike. At the most common level, if DNS is down, you don’t find “google.com”. At the most sophisticated, you’re sent to a very tailored “google.com”. In between, ads are blocked, hostile websites are sinkholed, email servers are validated, LDAP & Kerberos servers are discovered, corporate users are taken to internal, privileged versions of websites, and so forth.

DNS is serious business. It’s hard enough to keep control of your own network operations without users and services bypassing your controls; it’s another thing altogether when those bypasses take you to compromised, hostile, or faulty services.
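One way to see which clients on your network are moving their lookups off your resolver, as an added example that is not part of the original post: the script below reads resolver query logs and flags clients that looked up a DoH endpoint hostname. It assumes dnsmasq's `log-queries` line format, that Firefox resolves its default endpoint `mozilla.cloudflare-dns.com` through the local resolver before switching to DoH, and that Firefox probes the canary name `use-application-dns.net`; the log lines are constructed.

```python
import re
from collections import defaultdict

# Assumption: names a browser typically resolves through the local resolver just
# before turning on DoH. Extend the set for other providers you want to watch.
DOH_BOOTSTRAP_HOSTS = {"mozilla.cloudflare-dns.com", "cloudflare-dns.com"}
# Firefox looks this name up to learn whether the network opts out of default DoH.
CANARY = "use-application-dns.net"

# dnsmasq "log-queries" query line: query[TYPE] name from client
QUERY_RE = re.compile(r"query\[(?P<type>[A-Za-z0-9]+)\] (?P<name>\S+) from (?P<client>\S+)$")

# Constructed sample log lines (not real traffic).
SAMPLE_LOG = """\
Jul 18 09:12:01 dnsmasq[811]: query[A] intranet.corp.example from 10.0.0.15
Jul 18 09:12:03 dnsmasq[811]: query[A] use-application-dns.net from 10.0.0.15
Jul 18 09:12:04 dnsmasq[811]: query[A] mozilla.cloudflare-dns.com from 10.0.0.15
Jul 18 09:12:04 dnsmasq[811]: query[AAAA] Mozilla.Cloudflare-DNS.com. from 10.0.0.15
Jul 18 09:13:10 dnsmasq[811]: query[A] use-application-dns.net from 10.0.0.22
Jul 18 09:13:11 dnsmasq[811]: forwarded use-application-dns.net to 192.0.2.53
Jul 18 09:14:30 dnsmasq[811]: query[A] www.example.org from 10.0.0.31
"""

def doh_report(log_text):
    """Map client -> {'canary': bool, 'doh_hosts': set} for clients showing DoH-related lookups."""
    report = defaultdict(lambda: {"canary": False, "doh_hosts": set()})
    for line in log_text.splitlines():
        m = QUERY_RE.search(line.strip())
        if not m:
            continue  # replies, forwards and unrelated lines
        name = m.group("name").rstrip(".").lower()  # DNS names are case-insensitive
        client = m.group("client")
        if name == CANARY:
            report[client]["canary"] = True  # a Firefox instance is probing the network
        elif name in DOH_BOOTSTRAP_HOSTS:
            report[client]["doh_hosts"].add(name)  # lookups are about to leave your resolver
    return dict(report)

def bypassing_clients(report):
    """Clients that resolved a DoH endpoint, i.e. likely no longer using internal DNS."""
    return sorted(c for c, r in report.items() if r["doh_hosts"])

if __name__ == "__main__":
    rep = doh_report(SAMPLE_LOG)
    for client in sorted(rep):
        print(client, "canary probe:", rep[client]["canary"], "DoH hosts:", sorted(rep[client]["doh_hosts"]))
    print("Likely bypassing internal DNS:", bypassing_clients(rep))
```

A client that shows only the canary probe is running Firefox but has not bootstrapped DoH; a client that also resolves the endpoint is the one whose filtering, sinkholing and internal name resolution you can no longer count on.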

Stay vigilant, and stay in touch! Find our Contact form here.

Firefox is Rolling-Out DNS-over-HTTPS. Are you ready?

The Monday Morning Pop-Up from Firefox

I was greeted with this unexpected pop-up from Firefox this morning. If you haven’t seen it yet, figure it’s just a matter of time. Listen to the short video for some things you may need to consider, particularly if you’re managing an internal network with DNS services or if you’re using DNS filtering as part of your security plan.

If you need help assessing how the different browsers moving to DNS-over-HTTPS (DoH) may impact your organization or you, visit our contact form and drop us a line!