An Update On Yesterday’s Auth0 Outage Impacting DNSFilter Customer Logins

by Ken Carnesi on Apr 21, 2021 12:00:00 AM

On Tuesday, April 20th at approximately 16:00 UTC, we began to receive tickets from users stating they were unable to log into the DNSFilter dashboard. At the same time, our API monitors indicated that there were similar issues with the authentication API for DNSFilter.

The investigation immediately uncovered that our authentication provider, Auth0, was having a major outage in their primary (US-1) data center. This outage was not only affecting DNSFilter, but also a large portion of the other 9,000 enterprises that rely on Auth0. The outage immediately triggered our incident response process, and at 16:09 UTC we posted a message to our status page indicating that we were working on the issue and that DNS resolution was not affected in any way; only the ability to log in to the dashboard.

Unfortunately, the message posted to our status page did not make clear that Auth0 was the cause of the outage and could have been more clear that there was nothing to worry about, as analytics, threat blocking, content filtering, etc. were all still fully operational. ‍

Additionally, throughout this time, the DNSFilter support and infrastructure teams maintained the ability to pull data or make network changes on behalf of customers with an urgent need. I want to confirm that at no time were DNSFilter systems impacted. No networks were affected and there was zero downtime, loss of data, or reduction in threat protection for any DNSFilter customer.

That being said, we'd like you to know that we take this incident seriously. Auth0 was chosen as our authentication provider in an effort to provide industry-leading security and privacy for our users. Although DNSFilter has never experienced any downtime from Auth0 in more than five years of use, this incident has highlighted the necessity for us to build clearer customer communications and have a solid run book should an incident of this nature happen again, just as we do with any other critical aspect of our infrastructure.

As of this post Auth0 reports complete restoration of availability and considers the issue resolved.

Please accept our sincere apologies for any concern or frustration for miscommunication around this issue. We are fully committed to learning from this incident and continuing to provide innovative technology that challenges the way the industry thinks about DNS security.

Sincerely,

Ken Carnesi
Founder & CEO

Topics: Featured

DNS: The Hidden Threat Lurking in Every Business Network

You lock your doors at night, secure your office, and ensure sensitive information is under strict control. But what if the biggest vulnerability in your business wasn't locked away at all? For most companies, their Domain Name System (DNS) is the gateway attackers are waiting for. It's a fundamental part of the internet's infrastructure, yet it's often ignored when it comes to security. Hackers know this, and they're taking advantage.

2025 Cybersecurity Predictions: It’s Not Just AI, Here’s How Cybersecurity Will be Transformed in 2025

Earlier this month I joined Mikey Pruitt, our Global Partner Evangelist, on the DNSFilter podcast dnsUNFILTERED to discuss my 2025 cybersecurity predictions. We had a lot of fun and covered all of the points I’ll outline here, but I wanted to go deeper. My 30 years of cybersecurity experience have given me a strong sense of where we’re heading as an industry—the shift to the cloud in many ways is a precursor in the adoption of AI and the future...

From Reactive to Proactive: How to Create a DNS Security Strategy that Stops Attacks

Most businesses only think about DNS security after an attack has already occurred. By then, the damage is done - downtime, lost revenue, compromised data, and a tarnished reputation. In an environment where cyber threats are constantly evolving, a reactive approach to DNS security simply isn’t enough.