Cloudflare 1.1.1.1 incident on June 27, 2024

What's this blog post about?

On June 27, 2024, a small number of users globally experienced unreachability or degradation of Cloudflare's public DNS resolver service at 1.1.1.1 due to a combination of a Border Gateway Protocol (BGP) hijack and a route leak. The incident was caused by AS267613 announcing 1.1.1.1/32 to peers, providers, and customers, while AS262504 leaked 1.1.1.0/24 upstream. Despite increased adoption of RPKI over the past several years, 1.1.1.1/32 was originated by ELETRONET S.A. (AS267613) during the incident and accepted by multiple networks, including at least one Tier 1 provider that accepted 1.1.1.1/32 as a blackhole route. This caused immediate unreachability for the DNS resolver address from over 300 networks in 70 countries, although the impact on the overall percentage of users was quite low. Cloudflare has been engaging with all networks mentioned throughout the post regarding the leak and future prevention mechanisms.

Company
Cloudflare

Date published
July 4, 2024

Author(s)
Bryton Herdes, Mingwei Zhang, Tanner Ryan

Word count
3516

Hacker News points
None found.

Language
English


By Matt Makai. 2021-2024.