Don’t use Cloudflare’s 1.1.1.1 on servers

We’ve gotten rate-limited out of the blue on distributed servers in the past 3 years now; this last one was on servers we set up 830 days ago, before we knew that getting rate-limited/banned on DNS servers was even possible.

The worst thing about the last incident was that we entered a death spiral: DNS resolution failing started a logging job, which failed (due to DNS resolution failing when calling the log server), which then started a job about the failing DNS resolution... You get the gist.

Of course, this is an issue of engineering and code, not only a rate-limiting issue.

However, many developers rely and depend on root DNS resolution to “Just Work” when you add it to a server, which has been the case with Google’s DNS servers for the past 15+ years that I’ve been a sysop. I’m just hoping that this time, this will get SOME attention, because either you want dev-ops to use Cloudflare DNS on servers or you don’t – and if you don’t – there should be an official warning that this WILL happen, you WILL get rate-limited eventually.


Comments URL: https://news.ycombinator.com/item?id=43923544

Points: 3

# Comments: 0
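One way to break the feedback loop described in the post, as an added example that is not the poster's code: a failure reporter that trips a breaker after a failed delivery and records its own delivery failures only locally. The class name, host names, cooldown value and the simulated resolver are all assumptions constructed for illustration.

```python
import socket
import time
from collections import deque

class FailureReporter:
    """Hypothetical reporter: ships failures to a log server, but a failed
    delivery is only ever recorded locally, so it cannot trigger more jobs."""

    def __init__(self, resolve, send, cooldown=60.0, clock=time.monotonic):
        self.resolve = resolve    # hostname -> address; raises OSError on DNS failure
        self.send = send          # (address, message) -> None
        self.cooldown = cooldown  # seconds to stay local-only after a failed delivery
        self.clock = clock
        self.open_until = 0.0     # breaker is open while clock() < open_until
        self.local = deque(maxlen=10_000)  # bounded stand-in for a local log file
        self.remote_attempts = 0

    def report(self, message, log_host="logs.example.internal"):
        now = self.clock()
        if now < self.open_until:          # breaker open: no DNS lookup, no network
            self.local.append(message)
            return "local"
        self.remote_attempts += 1
        try:
            self.send(self.resolve(log_host), message)
            return "remote"
        except OSError as exc:             # socket.gaierror is a subclass of OSError
            self.open_until = now + self.cooldown
            self.local.append(message)
            self.local.append(f"log delivery failed: {exc}")  # local only, no new job
            return "local"

def simulate(failures=150, cooldown=60.0):
    """Constructed scenario: one lookup per second, every lookup fails."""
    now = [0.0]
    def broken_resolve(host):
        raise socket.gaierror(-3, "Temporary failure in name resolution")
    sent = []
    rep = FailureReporter(broken_resolve, lambda addr, msg: sent.append(msg),
                          cooldown=cooldown, clock=lambda: now[0])
    for i in range(failures):
        try:
            broken_resolve("api.example.internal")
        except OSError as exc:
            rep.report(f"lookup {i} failed: {exc}")
        now[0] += 1.0
    return rep.remote_attempts, len(rep.local), len(sent)

if __name__ == "__main__":
    print(simulate())
```

With 150 consecutive failures the reporter makes three remote attempts (one per 60-second window) instead of 150, and every failure is still retained in the bounded local buffer.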