Thursday April 6th 2023, 19:16 - 19:33 UTC
During the incident, DNS requests made inside one of our EU data centers were failing. There was no direct or discernable impact on customers.
A firewall misconfiguration resulted in the loss of the internal DNS network for approximately 17 minutes.
The incorrect firewall configuration was cleared.
This incident highlights the need for an iptables audit for the internal DNS system with a focus on simplification and standardization. It also uncovers a scenario that the current BGP health checks (which under normal circumstances, would have caused the removal of the misconfigured nodes from the anycast network) cannot detect. Follow up work will be scheduled to resolve both of these issues.