Cloudflare Data Localization Suite

Data Localization Suite (DLS) is the Cloudflare product line that lets customers constrain Cloudflare services to specific countries / regions to meet data-residency and compliance requirements. Cloudflare's baseline posture for most services (e.g. the 1.1.1.1 Resolver) is globally anycasted — the same IP is advertised from every POP. DLS is the explicit opt-out of that default: a customer's service is bound to a particular set of locations, and traffic to that service's IP addresses is only made Internet-reachable from those locations.

The mechanism is a per-service service topology — a named set of POPs that the service is allowed to run in. Advertising the service's IP prefixes is conditional on a location being part of the topology.

Relevance to the 2025-07-14 1.1.1.1 incident

The 2025-07-14 Cloudflare 1.1.1.1 outage was not a DLS customer-facing incident — no DLS customer traffic was directly misrouted — but its mechanism was a DLS-system config change. A 2025-06-06 release preparing a new, not-yet-live DLS service topology accidentally included references to the 1.1.1.1 Resolver's prefixes. A 2025-07-14 test-location attachment to that same non-production DLS topology triggered a global refresh, and the Resolver's prefixes were consequently withdrawn from all production data centers. This makes DLS-topology management a concrete wiki instance of why configuration changes on the addressing / routing surface need the same canary / staged-deployment discipline as code changes — see patterns/progressive-configuration-rollout.
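A pre-deployment check of the kind this paragraph argues for, written here as an added example (not Cloudflare's code or data): it flags prefixes referenced by more than one topology and blocks a change that would withdraw a prefix from too many locations. The topology names, locations, documentation-range prefixes, the 25% threshold and the rule for resolving a prefix referenced by several topologies are all assumptions.

```python
# Added example: a toy model, not Cloudflare's code. All names and values are constructed.
ALL_POPS = {"pop-a", "pop-b", "pop-c", "pop-d"}

def advertisements(topologies):
    """Map each prefix to the locations that would advertise it.

    Assumed rule: a topology with no locations is dormant; a prefix is advertised
    from the intersection of every active topology that references it.
    """
    adv = {}
    for topo in topologies.values():
        if not topo["locations"]:
            continue
        for prefix in topo["prefixes"]:
            adv[prefix] = adv.get(prefix, topo["locations"]) & topo["locations"]
    return adv

def shared_prefixes(topologies):
    """Prefixes referenced by more than one topology, dormant ones included."""
    owners = {}
    for name, topo in topologies.items():
        for prefix in topo["prefixes"]:
            owners.setdefault(prefix, []).append(name)
    return {p: sorted(names) for p, names in owners.items() if len(names) > 1}

def review_change(before, after, max_loss=0.25):
    """Return findings that should block the change; empty means proceed."""
    findings = [f"{p} is referenced by {', '.join(names)}"
                for p, names in sorted(shared_prefixes(after).items())]
    old, new = advertisements(before), advertisements(after)
    for prefix, locs in sorted(old.items()):
        lost = locs - new.get(prefix, set())
        if locs and len(lost) / len(locs) > max_loss:
            findings.append(f"{prefix} withdrawn from {len(lost)}/{len(locs)} locations")
    return findings

# Constructed sample: a dormant topology that wrongly lists the resolver's prefix.
BEFORE = {
    "resolver": {"locations": set(ALL_POPS), "prefixes": ["192.0.2.0/24"]},
    "dls-new": {"locations": set(), "prefixes": ["198.51.100.0/24", "192.0.2.0/24"]},
}
# The change under review attaches one test location to the dormant topology.
AFTER = {**BEFORE, "dls-new": {**BEFORE["dls-new"], "locations": {"test-1"}}}

if __name__ == "__main__":
    for finding in review_change(BEFORE, AFTER):
        print("BLOCK:", finding)
```

Calling `review_change(BEFORE, BEFORE)` already returns the shared-prefix finding, so in this model the misreference is detectable while the topology is still dormant, before any location is attached.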
