Cloudflare’s 1.1.1.1 DNS Service Disrupted by BGP Hijacking and Route Leak
On June 27, 2024, Cloudflare’s popular 1.1.1.1 public DNS resolver service experienced disruptions, leaving a small percentage of users worldwide unable to access the service or facing significant latency issues. The culprit behind this outage was a combination of Border Gateway Protocol (BGP) hijacking and a route leak.
BGP Hijacking and Route Leaks: A Double Whammy
BGP, the routing protocol that underpins the Internet, is susceptible to both hijacking and leaks. In the case of the Cloudflare incident, a Brazilian network operator, Eletronet (AS267613), mistakenly announced ownership of the 1.1.1.1/32 prefix, diverting traffic away from Cloudflare’s servers. Simultaneously, another Brazilian network, Nova Rede de Telecomunicações (AS262504), erroneously leaked the 1.1.1.0/24 prefix upstream, further exacerbating the issue.
This dual-faceted problem caused immediate unreachability for 1.1.1.1 from over 300 networks across 70 countries. Although the overall impact on users was minimal (less than 1% in the UK and Germany), it highlighted the persistent vulnerabilities within the global BGP ecosystem. The impact on users varied, with some unable to reach 1.1.1.1 at all and others experiencing high latency. The hijacking and subsequent blackholing of 1.1.1.1/32 by AS267613 caused intermittent access issues, particularly visible in traffic from Germany and the United States.
The incident underscores the importance of Resource Public Key Infrastructure (RPKI), a security framework designed to prevent BGP hijacking. While Cloudflare had implemented RPKI, the complexity of the situation, involving a combination of hijacking and leaking, resulted in a partial outage.
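The origin check that RPKI enables (route origin validation, RFC 6811), applied to the two announcements described above. This is an added example, not Cloudflare's code; the ROA (1.1.1.0/24, maxLength 24, AS13335) and the AS paths, which use documentation ASNs 64500 and 64501, are assumptions constructed for illustration.

```python
import ipaddress
from typing import NamedTuple

class ROA(NamedTuple):
    prefix: object      # ipaddress network the ROA covers
    max_length: int     # longest prefix length the holder authorises
    origin_asn: int     # AS allowed to originate it

CLOUDFLARE_ASN = 13335

# Assumed ROA for this example (not taken from the page).
ROAS = [ROA(ipaddress.ip_network("1.1.1.0/24"), 24, CLOUDFLARE_ASN)]

def validate_origin(prefix, as_path, roas=ROAS):
    """RFC 6811 origin validation: 'valid', 'invalid' or 'not-found'."""
    route = ipaddress.ip_network(prefix)
    origin = as_path[-1]            # rightmost AS originated the route
    covered = False
    for roa in roas:
        if route.version != roa.prefix.version or not route.subnet_of(roa.prefix):
            continue                # ROA does not cover this route
        covered = True
        if origin == roa.origin_asn and route.prefixlen <= roa.max_length:
            return "valid"
    # Covered by a ROA but no ROA matches: reject. No covering ROA: unknown.
    return "invalid" if covered else "not-found"

# Constructed announcements; 64500 and 64501 are documentation ASNs.
ANNOUNCEMENTS = {
    "hijack": ("1.1.1.1/32", [64500, 267613]),
    "leak": ("1.1.1.0/24", [64500, 262504, 64501, 13335]),
    "unrelated": ("192.0.2.0/24", [64500, 64501]),
}

def classify_all():
    return {name: validate_origin(p, path) for name, (p, path) in ANNOUNCEMENTS.items()}

if __name__ == "__main__":
    for name, state in classify_all().items():
        print(f"{name:10s} {state}")
```

The /32 is rejected by any network that enforces origin validation, while the leaked /24 still validates because the check looks only at the origin AS and prefix length, not at the path the route took. Path-level mechanisms such as ASPA target that gap.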
Cloudflare’s Response and the Path Forward
Cloudflare, a vocal advocate for improved Internet security, expressed regret for the disruptions experienced by users. Despite the root cause originating from external networks, Cloudflare is committed to enhancing its detection methods and response times to mitigate the impact of such incidents in the future.
The company continues to champion the widespread adoption of RPKI and other security mechanisms like Autonomous System Provider Authorization (ASPA) to safeguard the integrity of BGP routing. Cloudflare’s ongoing efforts to strengthen the Internet’s resilience against such attacks are crucial in ensuring a stable and secure online experience for users worldwide.