DNS disruption strikes Cloudflare: BGP Hijack was not the culprit
17 July 2025 • 2 min read

False Alarm: BGP Hijack Not to Blame
A DNS disruption on July 11, 2025, led many in the cybersecurity space to suspect a BGP hijack targeting Cloudflare’s 1.1.1.1 resolver.
But Cloudflare has now confirmed:
“The BGP hijack occurred around the same time — but it did not cause the DNS disruption.”
Instead, the root cause was internal to Cloudflare’s infrastructure. The BGP incident, which involved the 1.1.1.0/24 prefix, was real, but it affected only a narrow set of networks, and only briefly.
What Actually Happened?
- 1.1.1.1 appeared unreachable for users in some regions.
- Global traffic patterns were briefly altered by a separate BGP hijack originating from AS262254 (Brazil-based).
- However, Cloudflare’s internal systems were responsible for the primary outage.
- A fault in their routing, filtering, or internal configuration triggered the temporary DNS outage.
Why This Still Matters
Even though BGP hijacking wasn’t the root cause, the coincidence of timing exposed a broader issue:
BGP remains dangerously vulnerable to route leaks, misadvertisements, and malicious injections.
Cloudflare reiterated its stance on adopting RPKI and route filtering to protect the internet’s most critical protocols.
Cyber Protocol’s Take
Whether accidental or malicious, BGP hijacks highlight an unavoidable truth:
The internet’s backbone still runs on unauthenticated trust.
For all Cyber Protocol clients, our audit tools now check:
- Route origin validation (RPKI)
- DNS resolver uptime tracking
- BGP visibility checks
- ASN anomaly detection
What You Should Do
- Use multiple redundant DNS resolvers (1.1.1.1, 8.8.8.8, 9.9.9.9)
- Validate BGP paths with tools like BGPStream
- Monitor your ASNs and prefixes via RPKI validators
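To show what route origin validation actually decides, here is an added example (not from Cloudflare or from the Cyber Protocol platform) that classifies announcements the way RFC 6811 describes. The ROA table and the announcement list are constructed sample data, and AS13335 as the authorised origin for 1.1.1.0/24 is an assumption not stated in this post.

```python
import ipaddress
from typing import NamedTuple

class ROA(NamedTuple):
    prefix: str      # prefix the holder has authorised
    max_length: int  # longest announcement the ROA permits
    asn: int         # authorised origin AS

# Constructed sample data, not pulled from a live RPKI validator.
# AS13335 as the authorised origin is an assumption for this example.
SAMPLE_ROAS = [
    ROA("1.1.1.0/24", 24, 13335),
    ROA("1.0.0.0/24", 24, 13335),
]

def validate_origin(prefix: str, origin_asn: int, roas=SAMPLE_ROAS) -> str:
    """Classify an announcement as 'valid', 'invalid' or 'not-found' (RFC 6811)."""
    announced = ipaddress.ip_network(prefix, strict=True)
    covered = False
    for roa in roas:
        roa_net = ipaddress.ip_network(roa.prefix)
        if roa_net.version != announced.version:
            continue
        # A ROA covers the route when the announced prefix sits inside it.
        if not announced.subnet_of(roa_net):
            continue
        covered = True
        # AS0 ROAs never match; they only mark the space as covered.
        if (roa.asn != 0 and roa.asn == origin_asn
                and announced.prefixlen <= roa.max_length):
            return "valid"
    # Covered but unmatched means wrong origin or too-specific prefix.
    return "invalid" if covered else "not-found"

def audit(announcements, roas=SAMPLE_ROAS):
    """Return the announcements a filtering router should drop or flag."""
    return [(p, asn, state) for p, asn in announcements
            if (state := validate_origin(p, asn, roas)) != "valid"]

if __name__ == "__main__":
    # Constructed announcements as they might appear in a BGP feed.
    seen = [("1.1.1.0/24", 13335), ("1.1.1.0/24", 262254),
            ("1.1.1.0/25", 13335), ("192.0.2.0/24", 64500)]
    for row in audit(seen):
        print(row)
```

The "not-found" state is why ROA coverage matters: a network that drops only "invalid" routes will still accept a hijack of a prefix that has no ROA at all.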
Next Step
Run your infrastructure through our DNS + BGP Resilience Audit — now live on the Cyber Protocol platform.
And if you need professional help to run your audit, we're here for that too.