CenturyLink (AS209), a network belonging to Lumen (AS3356) hijacked and advertised hundreds of IPv4 routes across many networks (ASNs), causing them to intercept and blackhole Quad9 and other networks' traffic in various locations globally.
This seems to have primarily affected networks in North America and Australia, as they believed this was a "new" and "best" path to reach Quad9. A few, smaller networks in Europe may have also been affected if Lumen was their primary upstream and they do not peer at any internet exchange points.
This was detected by Qrator, and likely other BGP Monitoring services, and there will likely be significantly more information/news to follow publicly in the coming hours and days: https://x.com/Qrator_Radar/status/1826600702996873489
In this case, there was nothing Quad9 could do, as the internet is still vulnerable to these types of misconfiguration issues. Quad9 is RPKI validated, so the affected networks need to implement RPKI filtering to protect their customers.
Note that this only affected our IPv4 address. If your network supports IPv6, we recommend making sure configuring our IPv6 addresses, as this would've avoided a total DNS outage for your networks/devices.
This may have affected other networks in other regions, but the largest, affected networks were:
* Comcast (US) * Century Link (US) * Telstra Domestic (AU/) * Bell (CA) * Rogers (CA)
Issue Start: 12:15 UTC, Aug 22nd. Issue Stop: 12:45 UTC, Aug 22nd.
Posted Aug 22, 2024 - 15:16 UTC
This incident affected: Recursive DNS Services (Current Status).