DNS queries to 1.1.1.1 timing out

I have been managing a network and it appears something has recently begun blocking access to Cloudflare DNS servers 1.1.1.1 and family. The https://1.1.1.1 URL is working but DNS queries fail with a timeout.

The issue seems to be limited to the Windows-based desktop computers, as I can perform queries on the Linux-based routers.

DNS queries to 8.8.8.8, on the other hand, work fine, so it seems something is specifically blocking 1.1.1.1 / 1.0.0.1 / 1.1.1.2 / 1.1.1.3 on port 53.

It seems unlikely that this is actually a Cloudflare issue, but since it seems to be a very specific issue I was hoping somebody might have a hint or other helpful information.

Hi @hannasm
You’ve already provided some good troubleshooting info!
From the same network, a Linux router can get to 1.1.1.1 over UDP/53.
Windows hosts cannot resolve DNS from 1.1.1.1 over UDP/53.
You can, however, load our website on 1.1.1.1:443 with HTTPS.

This sounds like there isn’t a network firewall appliance, provided that the Linux routers are on the same network as the Windows hosts. It rather sounds like it may be some local firewall rules on the Windows hosts themselves.

If these are managed by another party, you might check the Windows firewall, other software firewalls, or group policy.

Hi, thanks for the response.

I found that disabling the Norton firewall on a client laptop was able to resolve the issue. I did not get to experiment or investigate this situation any further on more computers. Switching to 8.8.8.8 fixed the issue and my client is not too concerned with those details.

Have you heard of Norton blocking 1.1.1.1? I don’t know if that same fix would work for the broader network but it certainly fixed the laptop. If you have any other feedback about the situation I’d be happy to hear it.
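
An added example, not part of any post in this thread: a small Python probe that sends the same raw DNS query to each resolver named above, bypassing the operating system's resolver, and reports which ones never answer. Probing TCP/53 as well as UDP/53 goes beyond what the thread tested; the query name `example.com`, the transaction id and the function names are assumptions.

```python
import socket
import struct

# Resolver addresses named in the thread; the query name and TXID are assumptions.
RESOLVERS = ["1.1.1.1", "1.0.0.1", "1.1.1.2", "1.1.1.3", "8.8.8.8"]
TXID = 0x1234

def build_query(name):
    """Minimal DNS A/IN query: 12-byte header (RD set, one question) + QNAME."""
    header = struct.pack("!HHHHHH", TXID, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.strip(".").split("."))
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)

def is_reply(data):
    """True if data is a DNS response (QR bit set) carrying our transaction id."""
    if len(data) < 12:
        return False
    rid, flags = struct.unpack("!HH", data[:4])
    return rid == TXID and bool(flags & 0x8000)

def probe(server, proto, name="example.com", timeout=3.0):
    """Send one query to server:53 over 'udp' or 'tcp'; return ok/timeout/error."""
    query = build_query(name)
    try:
        if proto == "udp":
            with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
                s.settimeout(timeout)
                s.sendto(query, (server, 53))
                data, _ = s.recvfrom(4096)
        else:
            with socket.create_connection((server, 53), timeout=timeout) as s:
                s.sendall(struct.pack("!H", len(query)) + query)  # 2-byte length prefix
                data = s.recv(4096)[2:]
        return "ok" if is_reply(data) else "error"
    except socket.timeout:
        return "timeout"
    except OSError:
        return "error"

def blocked_resolvers(results):
    """From {(server, proto): status}, list servers with no working transport."""
    working = {srv for (srv, _), status in results.items() if status == "ok"}
    return sorted({srv for srv, _ in results} - working)

if __name__ == "__main__":
    results = {(s, p): probe(s, p) for s in RESOLVERS for p in ("udp", "tcp")}
    for (server, proto), status in results.items():
        print(f"{server:<8} {proto}/53  {status}")
    print("no DNS answer from:", blocked_resolvers(results) or "none")
```

Running it on a Windows desktop and on a Linux router on the same network gives two result sets to compare; a resolver that times out only on the desktop points at filtering on that host rather than on the network path.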