SC uses Cloudflare, largely because it offers protection against DDoS attacks. These are a serious threat specifically to Buddhist sites. There is a significant cyberwar underway, where extremist Muslims from Myanmar and possibly elsewhere have brought down many Buddhist and related websites. It doesn’t have to be specifically Buddhist; anything is fair game, personal pages, government sites of Sri Lanka or Myanmar, and so on. I’m aware of two monk friends of mine whose sites were brought down.
DNS service providers such as Cloudflare provide protection against such attacks. The idea is that as a large distributed networks they’re too big to be brought down.
This is no longer the case; yesterday much of the internet was crippled by a DDoS attack on another DNS service provider, Dyn.
The reason this has changed is the Internet of Things (IoT). Millions, perhaps billions, of unmonitored and unsecured devices have been taken over by botnets and used to launch these attacks. This is only the beginning. Such attacks will increase in scale and sophistication.
This changes the landscape drastically. From today we should seriously consider the possibility that using a DNS service provider increases the chance of being taken down. At the very least, it’s no longer a bulletproof solution.
For now, we can wait and see. But we might want to consider the option of avoiding such services entirely.
You can’t avoid using a DNS service because that’s what maps a domain name like “suttacentral.net” into the server’s IP address which is bunch of meaningless numbers. All you can do is use a DNS service which is as robustified as possible. So far I am extremely happy with Cloudflare’s DNS service, one of the nice thing about Cloudflare’s DNS is it uses something called Anycast, Cloudflare has over 20 DNS servers around the world, not only does this mean that your browser can contact the nearest one to perform a DNS lookup (reducing page load times), but if one or more of Clouldflare’s DNS servers are taken down there is lots of redundancy, making Cloudflare’s DNS extremely difficult to disrupt. Cloudflare actually uses Anycast for all of it’s network services, meaning just taking down a few of Cloudflare’s servers can’t stop browsers getting content from alternative servers, being behind such a service is certainly much better than not in terms of general robustness to DDOS.