The Internet Still Runs on 1980s Protocols – That Should Worry You

Cloudflare's 1.1.1.1 DNS resolver service fell victim to a simultaneous BGP hijack and route leak event, causing massive internet outages and degradation worldwide. The incident is a stark reminder of the outdated nature of our internet infrastructure. Pakistan was at the center of one of the most famous BGP outages, which the government tried to block access to YouTube within the country. However, their misconfiguration caused a global YouTube outage.

Moreover, most organizations are targets of attacks 7.5 times a year. While most are resolved quickly, these incidents highlight public infrastructure failures that lie beyond our control. The question is: what other technology do you rely on every day that was invented in the 1980s? It's not your smartphone, car, or TV – but the internet protocols themselves.

The Border Gateway Protocol (BGP) was designed in 1989, an era when the concept of the "internet" was still in its infancy. Back then, home users connected via dial-up modems, businesses had T1 lines as their epitome of connectivity, and network reliability was more of a hope than an expectation.

BGP's original purpose was to keep the nascent internet stitched together by allowing routers across autonomous systems (ASes) to share route announcements and dynamically discover paths to distant networks. The protocol was designed for resilience, not determinism, and openness, not security. Today, we demand speed, uptime, and security that BGP was never built to deliver.

Despite multiple security incidents and efforts such as RPKI and BGPsec, the internet still routes traffic based on trust and reachability, rather than performance or identity. It can't enforce policies, prevent hijacks, or guarantee who's on the other end of the connection. Most fixes require coordination that doesn't exist and IT infrastructure upgrades that move at a glacial pace.

The result is the modern internet rides on a protocol that thinks it's still 1992. This raises serious concerns about our ability to secure and privatize the network we all rely on. The Domain Name System (DNS) is another artifact of that era, created to make numeric IP addresses human-readable, but now posing significant security risks.

Every query, every resolution, and every domain query is public by design, making it easy for attackers to enumerate subdomains, discover shadow IT resources, and probe for vulnerabilities. The evolution of our relationship with network services has changed dramatically, yet we continue treating server addresses like phone numbers in a white pages directory – an outdated model that no longer works for the threats we face.

Both BGP and DNS reflect assumptions that simply don't hold up anymore: reality is that most attacks now originate from within or via compromised peers. Reality is that internet routes change unpredictably due to performance tuning, outages, and misconfigurations. And reality is that zero-trust architecture has become the standard for secure design.

Assumption: services are few and fixed. Reality: modern architectures dynamically spin up and down thousands of services. The more we scale and automate, the more these assumptions crumble. The internet's early architecture was brilliant for its time, but that time has passed. Today's needs are different, and it's time to challenge the status quo.

We need deterministic data paths that can be trusted end-to-end, secure naming systems that are private by default, policy-aware routing that aligns with business, performance, and compliance requirements, and a model where services announce themselves securely to authorized peers, not to the entire internet. The time has come to re-imagine how the internet connects, routes, and identifies everything.

This should be our wake-up call. We can't keep patching internet security with duct tape and hoping for the best. It's time to ask a hard question: are the foundational protocols we depend on every day actually fit for purpose anymore? Security and privacy can't remain afterthoughts – they need to be built from the ground up.