APNIC’s Core Registry Services: Lessons from the November 2025 Outage

APNIC’s core registry services, including Whois, Registration Data Access Protocol (RDAP), Resource Public Key Infrastructure (RPKI), Internet Routing Registry (IRR), and the Reverse Domain Name System (rDNS), are cornerstones for ensuring the Internet remains stable and reliable. Each quarter, APNIC reviews and reports the availability of these critical services, providing insights into their operational health and any lessons learned. While Q3 2025 showcased high availability across these services, a major incident in November sheds light on the growing complexity of managing dependencies in a hyper-connected world.

The Importance of Core Registry Services

APNIC’s core services facilitate essential Internet functions. RDAP ensures streamlined access to IP registration and network data, enabling better query responses, while the RPKI repository safeguards the Internet’s routing infrastructure against misconfiguration and attacks. During Q3 2025, these services maintained exceptional performance. However, dependencies on third-party providers like Cloudflare bring unavoidable risks, as highlighted by the November outage. Globally, Cloudflare processes immense amounts of traffic, with six trillion requests daily accounting for 20% of web traffic. Given APNIC’s reliance on Cloudflare’s infrastructure for RDAP load-balancing and RPKI caching, the incident’s ripple effects were felt across its operations.

The Cloudflare Outage: Impacts and Response

On 18 November 2025, Cloudflare experienced a global disruption, causing widespread issues for services depending on its platform. APNIC’s monitoring systems detected rising error rates for RDAP and RPKI Repository Data Protocol (RRDP), revealing how even short-term outages can escalate quickly. The performance degraded to a five-minute pattern of alternating errors, which APNIC identified using Cloudflare’s post-mortem analysis. In response, engineers swiftly redirected RRDP clients directly to APNIC’s on-premises servers, bypassing Cloudflare to restore operations.

Although RPKI software is designed to fall back to rsync during RRDP unavailability, APNIC prioritized stability through proactive failover actions. By 23:00 UTC+10, error rates had significantly subsided, and the incident was formally resolved within hours, demonstrating APNIC’s resilience under pressure. This timely response not only mitigated service disruptions but also highlighted areas for system enhancement and improved contingency planning.

Key Takeaways and Future Improvements

APNIC’s analysis of the Cloudflare outage underscored two critical takeaways. First, the organization needs to refine its failover processes. While RRDP’s failover was effective, RDAP and other web services would benefit from enhanced documentation and redundant infrastructure. Second, APNIC’s status page, a vital communication channel during incidents, was also affected as it relies on Cloudflare. Decoupling this page from production systems is a high-priority improvement to ensure it remains accessible during outages.

Going forward, APNIC aims to strengthen its monitoring capabilities and redundancy strategies to guarantee service continuity. These enhancements, along with ongoing community support, are essential for mitigating future disruptions in an increasingly interconnected Internet landscape. By reinforcing resilience and adaptability, APNIC continues to serve as a reliable backbone for global Internet operations.

Maintaining High Availability in a Complex Ecosystem

Despite the challenges posed by the November outage, APNIC’s Q3 metrics reaffirmed the organization’s commitment to high availability. In a digital world where external dependencies often become single points of failure, the Cloudflare incident served as a valuable lesson. Strengthened by its response to this disruption, APNIC is bolstering its infrastructure and processes to ensure seamless service. Whether through improved failover mechanisms or decoupled status infrastructure, the organization remains focused on its mission to support a secure and globally accessible Internet environment.