Cloudflare Blog

https://blog.cloudflare.com/

Cloudflare BlogJan 14, 2026

What came first: the CNAME or the A record?

Why it matters: This incident highlights how subtle optimizations can break systems by violating undocumented assumptions in legacy clients. It serves as a reminder that even when a protocol doesn't mandate order, real-world implementations often depend on it.

A memory optimization in Cloudflare's 1.1.1.1 resolver inadvertently changed the order of records in DNS responses.
The code change moved CNAME records to the end of the answer section instead of the beginning when merging cached partial chains.
While the DNS protocol technically treats record order as irrelevant, many client implementations process records sequentially.
Legacy implementations like glibc's getaddrinfo fail to resolve addresses if the A record appears before the CNAME that defines the alias.
The incident was resolved by reverting the optimization, restoring the original record ordering where CNAMEs precede final answers.

#sre #dist

Read original

Cloudflare BlogJan 13, 2026

What we know about Iran’s Internet shutdown

Why it matters: Understanding how nation-states manipulate BGP and IP announcements to enforce shutdowns is crucial for engineers building resilient, global systems. It highlights the vulnerability of centralized network infrastructure and the importance of monitoring tools like Cloudflare Radar.

Iran implemented a near-total internet shutdown starting January 8, 2026, following widespread civil protests.
Cloudflare Radar observed a 98.5% drop in announced IPv6 address space, signaling a deliberate disruption of routing paths.
Overall traffic volume plummeted by 90% within a 30-minute window as major ISPs like MCCI, IranCell, and TCI went offline.
By 18:45 UTC on January 8, internet traffic from the country reached effectively zero, indicating a complete disconnection from the global web.
Brief spikes in DNS traffic (1.1.1.1) and university network connectivity were observed on January 9 before being shut down again.

#data #security #dist

Read original

Cloudflare BlogJan 6, 2026

A closer look at a BGP anomaly in Venezuela

Why it matters: BGP route leaks can cause traffic delays or interception. Distinguishing between configuration errors and malicious intent is vital for network security. This analysis demonstrates how technical data can debunk theories of malfeasance by identifying systemic ISP policy failures.

Cloudflare Radar detected a BGP route leak on January 2 involving Venezuelan ISP CANTV (AS8048).
The event violated valley-free routing by redistributing routes from a provider to an external network.
Data shows 11 similar leaks since December, suggesting systemic configuration issues rather than malfeasance.
The leak impacted prefixes from Dayco Telecom (AS21980), a customer of the leaking ISP.
Such anomalies highlight the critical need for ISPs to implement strict routing export and import policies.

#security #dist

Read original

Cloudflare BlogDec 22, 2025

How Workers powers our internal maintenance scheduling pipeline

Why it matters: Manual infrastructure management fails at scale. This article shows how Cloudflare uses serverless Workers and graph-based data modeling to automate global maintenance scheduling, preventing downtime by programmatically enforcing safety constraints across distributed data centers.

Cloudflare transitioned from manual maintenance coordination to an automated scheduler built on Cloudflare Workers to manage 330+ global data centers.
The system enforces safety constraints to prevent simultaneous downtime of redundant edge routers and customer-specific egress IP pools.
To solve 'out of memory' errors on the Workers platform, the team implemented a graph-based data interface inspired by Facebook’s TAO.
The scheduler uses a graph model of objects and associations to load only the regional data necessary for specific maintenance requests.
The tool programmatically identifies overlapping maintenance windows and alerts operators to potential conflicts to ensure high availability.

#sre #dist #data

Read original

Cloudflare BlogDec 19, 2025

Code Orange: Fail Small — our resilience plan following recent incidents

Why it matters: This initiative highlights the danger of instant global configuration propagation. By treating config as code and implementing gated rollouts, Cloudflare demonstrates how to mitigate blast radius in hyperscale systems, a critical lesson for SRE and platform engineers.

Cloudflare launched 'Code Orange: Fail Small' to prioritize network resilience after two major outages caused by rapid configuration deployments.
The plan mandates controlled, gated rollouts for all configuration changes, mirroring the existing Health Mediated Deployment (HMD) process used for software binaries.
Teams must now define success metrics and automated rollback triggers for configuration updates to prevent global propagation of errors.
Engineers are reviewing failure modes across traffic-handling systems to ensure predictable behavior during unexpected error states.
The initiative aims to eliminate circular dependencies and improve 'break glass' procedures for faster emergency access during incidents.

#sre #dist #security

Read original

Cloudflare BlogDec 19, 2025

Innovating to address streaming abuse — and our latest transparency report

Why it matters: Cloudflare is scaling its abuse mitigation by integrating AI and real-time APIs. For engineers, this demonstrates how to handle high-volume legal and security compliance through automation and service-specific policies while maintaining network performance and reliability.

Cloudflare's H1 2025 transparency report highlights a significant increase in automated abuse detection and response capabilities.
The company is utilizing AI and machine learning to identify sophisticated patterns in unauthorized streaming and phishing campaigns.
A new API-driven reporting system for rightsholders has scaled DMCA processing, increasing actions from 1,000 to 54,000 in six months.
Cloudflare applies service-specific abuse policies, distinguishing between hosted content and CDN/security services.
Technical measures prevent the misconfiguration of free-tier plans for high-bandwidth video streaming to protect network resources.
Collaborative data sharing with rightsholders enables real-time identification and mitigation of domains involved in streaming abuse.

#security #mlp #dist

Read original

Cloudflare BlogDec 18, 2025

Announcing support for GROUP BY, SUM, and other aggregation queries in R2 SQL

Why it matters: Engineers can now perform complex analytical queries directly on R2 data without egress or external processing. This distributed approach to aggregations enables high-performance log analysis and reporting across massive datasets using familiar SQL syntax.

Cloudflare R2 SQL now supports SQL aggregations including GROUP BY, SUM, COUNT, and HAVING statements.
The engine executes queries over Apache Parquet files stored in the R2 Data Catalog using a distributed architecture.
Implements a scatter-gather approach where worker nodes compute pre-aggregates to horizontally scale computation.
Pre-aggregates represent partial states, such as intermediate sums and counts, which are merged by a coordinator node.
Introduces shuffling aggregations to handle complex operations like ORDER BY and HAVING on computed aggregate columns.
The system is designed to spot trends, generate reports, and identify anomalies in large-scale log data.

#dist #data

Read original

Cloudflare BlogDec 15, 2025

ChatGPT's rivals, Kwai's quiet rise: the top Internet services of 2025

Why it matters: This report offers critical insights into evolving user behavior, platform dominance, and emerging tech trends like AI and digital finance. Engineers can leverage this data to inform product strategy, infrastructure planning, and understand the competitive landscape of internet services.

Cloudflare's 2025 report ranks top internet services based on anonymized DNS query data from its 1.1.1.1 resolver, highlighting shifts in popularity across nine categories.
Generative AI saw significant competition, with Claude, Gemini, and Perplexity challenging ChatGPT, and Gemini reaching the #2 spot by year-end.
The social media landscape shifted: Instagram rose to #5 overall, while TikTok and X declined, and Kwai gained traction in emerging markets.
Asian e-commerce platforms like Shopee and Temu joined Amazon in the global top 3, indicating a significant regional climb.
Google, Facebook, and Apple remained the top three overall internet services, with Microsoft and Instagram showing strong growth in their rankings.
Digital finance services like Stripe and neobank Nubank demonstrated continued dominance and growth, alongside a surge in cryptocurrency traffic for platforms like OKX.

#data #mlp

Read original

Cloudflare BlogDec 15, 2025

The 2025 Cloudflare Radar Year in Review: The rise of AI, post-quantum, and record-breaking DDoS attacks

Why it matters: This review offers critical insights into evolving Internet trends, including AI's impact on web traffic, the rise of post-quantum security, and network performance, essential for engineers building and securing online services.

Global Internet traffic grew 19% in 2025, with Starlink traffic doubling and Googlebot leading verified bot activity for search and AI training.
Post-quantum encrypted web traffic reached 52% of human-generated requests, highlighting a significant shift in security adoption.
AI-related crawling surged, with Googlebot's dual-purpose crawls dominating and "user action" crawling increasing 15x. AI bots were also frequently blocked via robots.txt.
Meta's llama-3-8b-instruct was the most popular model on Workers AI, primarily used for text generation tasks.
Mobile traffic saw iOS devices account for 35% globally, while HTTP/2 and HTTP/3 adoption continued to rise.

#security #data #mlp

Read original

Cloudflare BlogDec 11, 2025

React2Shell and related RSC vulnerabilities threat brief: early exploitation activity and threat actor techniques

Why it matters: This critical RCE in React Server Components allows unauthenticated code execution. Engineers must patch immediately and apply WAF rules to protect against active exploitation and prevent severe security breaches.

React2Shell (CVE-2025-55182) is a critical RCE vulnerability (CVSS 10.0) in React Server Components (RSC) Flight protocol.
The flaw stems from unsafe deserialization, enabling unauthenticated attackers to execute arbitrary privileged JavaScript with a single crafted HTTP request.
Cloudflare observed immediate, widespread scanning and exploitation attempts by threat actors within hours of public disclosure.
Threat actors leverage vulnerability scanners (e.g., Nuclei), asset discovery platforms, and tools like Burp Suite for reconnaissance and exploitation.
Two other RSC vulnerabilities, CVE-2025-55183 (Server Function leaking) and CVE-2025-55184 (DoS), were also disclosed.
Cloudflare deployed WAF rules to mitigate these threats, available to all customers.

#security #frontend

Read original

Page 6 of 10

Prev 1...4 5 6 7 8...10 Next