Cloudflare’s extensively used 1.1.1.1 DNS resolver service skilled a big 62-minute world outage on July 14, 2025, affecting tens of millions of customers worldwide from 21:52 UTC to 22:54 UTC.
Opposite to preliminary hypothesis, the corporate has confirmed that the outage was brought on by an inner configuration error reasonably than a BGP assault, although a coincidental BGP hijack by Tata Communications India (AS4755) was noticed throughout the incident.
Key Takeaways1. Cloudflare’s DNS service skilled a 62-minute world outage on July 14, 2025, impacting tens of millions of customers.2. The outage was brought on by a misconfigured system replace from June 6, not a BGP assault.3. Service was restored by reverting configurations; Cloudflare will improve legacy programs to stop recurrence.
Cloudflare Latest 1.1.1.1 Outage
The basis explanation for the outage was traced again to a configuration change made on June 6, 2025, throughout preparations for a Information Localization Suite (DLS) service.
Throughout this launch, prefixes related to the 1.1.1.1 Resolver service had been inadvertently included alongside prefixes supposed for the brand new DLS service.
This misconfiguration remained dormant within the manufacturing community till July 14, when a second configuration change was made to connect a take a look at location to the non-production service, triggering a worldwide refresh of community configuration.
The error prompted the 1.1.1.1 Resolver prefixes to be withdrawn from manufacturing Cloudflare information facilities globally, successfully making the service unreachable.
The affected IP ranges included essential addresses reminiscent of 1.1.1.0/24, 1.0.0.0/24, 2606:4700:4700::/48, and several other different IPv4 and IPv6 prefixes.
Affected IP addresses
DNS visitors over UDP, TCP, and DNS over TLS (DoT) dropped instantly, whereas DNS-over-HTTPS (DoH) visitors remained comparatively secure because it makes use of the area cloudflare-dns.com reasonably than IP addresses.
Coincidental BGP Hijack
Throughout the outage investigation, Cloudflare found that Tata Communications India (AS4755) had began promoting the 1.1.1.0/24 prefix, creating what seemed to be a BGP hijack state of affairs.
Timeline for BGP withdrawal and re-announcement of 1.1.1.0/24 globally
Nonetheless, firm engineers emphasised that this hijack was not the reason for the outage however reasonably an unrelated problem that turned seen when Cloudflare withdrew its routes.
The BGP hijack occurred at 21:54 UTC, two minutes after the DNS visitors started dropping globally.
This incident highlighted the complexity of managing anycast routing, the tactic Cloudflare makes use of to distribute visitors throughout a number of world places for improved efficiency and capability.
When issues happen with tackle area ads, they may end up in world outages affecting all customers concurrently.
Prevention Measures
Cloudflare initiated a revert to the earlier configuration at 22:20 UTC, which restored visitors ranges to roughly 77% of regular capability.
Visitors Restoration
The remaining 23% of edge servers required reconfiguration by means of the corporate’s change administration system, which was accelerated given the incident’s severity. 22:54 UTC achieved full service restoration.
To forestall related incidents, Cloudflare introduced plans to deprecate legacy programs that lack progressive deployment methodologies and implement staged addressing deployments with well being monitoring capabilities.
Examine stay malware conduct, hint each step of an assault, and make sooner, smarter safety selections -> Attempt ANY.RUN now
