Have problems with 1.1.1.1? *Read Me First*

Here are some tips for troubleshooting if you are having issues using Cloudflare’s Resolver. Please take a moment to review them along with the information that will help us to understand and help diagnose any issues. There are two sections to this guide. The first is for troubleshooting name resolution errors/issues and the second is for unreachability or routing issues.

New Diagnostic Tool We have a new diagnostic tool which can help gather some of the information requested below. If you copy the result from https://Cloudflare-dns.com/help/ to your ticket it will help immensely.

Dig Tutorial

Troubleshooting Name Resolution Issues

  1. Please search the forum to see if the domain you are reporting already has an entry (feel free to add your comments to it, if it does).
  2. Please provide the following tests from your location if possible and include it with your report.

UNIX (Linux/macOS)

dig example.com @1.1.1.1
dig example.com @1.0.0.1
dig example.com @8.8.8.8
dig +short CHAOS TXT id.server @1.1.1.1
dig +short CHAOS TXT id.server @1.0.0.1

And if you are willing to share information about your network block, please include the output of this next command as well. Note: This does reveal your IP address, so if you aren’t comfortable sharing we understand.
dig @ns3.Cloudflare.com whoami.Cloudflare.com txt +short

Windows

nslookup example.com 1.1.1.1
nslookup example.com 1.0.0.1
nslookup example.com 8.8.8.8
nslookup -class=chaos -type=txt id.server 1.1.1.1
nslookup -class=chaos -type=txt id.server 1.0.0.1

And if you are willing to share information about your network block, please include the output of this next command as well. Note: This does reveal your IP address, so if you aren’t comfortable sharing we understand.
nslookup -type=txt whoami.Cloudflare.com ns3.Cloudflare.com

Those first two tests should show what the Cloudflare resolver provides vs. Google’s resolver and the 3rd test should report which of our nameserver locations you are connected to.

  1. If you want to go the extra mile, doing a test at http://dnsviz.net/ and posting a link to the results can often be helpful as well.
  2. Please include any additional information about the domain/ lookup that you think might be helpful or relevant.

Troubleshooting Unreachability or Routing Issues

  1. Please search the forum for your country name and ISP to see if the issue may have already been reported. If it has please review that post and add any comments you may have to it rather than creating a new post.
  2. Please provide a traceroute for both 1.1.1.1 and 1.0.0.1 (even if you can reach one and not the other).

UNIX (Linux/macOS)

traceroute 1.1.1.1
traceroute 1.0.0.1

Windows

tracert 1.1.1.1
tracert 1.0.0.1

  1. If you believe Cloudflare’s route is suboptimal, please provide a traceroute to a DNS server which you believe has better routing (we can’t always improve routing, but it’s helpful to have information/context when we communicate with ISPs and network providers).
  2. If the traceroute reaches Cloudflare please also include the output for

UNIX (Linux/macOS)

dig +short CHAOS TXT id.server @1.1.1.1
dig +short CHAOS TXT id.server @1.0.0.1

Bonus points if you include these 2:
dig +tcp @1.1.1.1 id.server CH TXT
dig +tcp @1.0.0.1 id.server CH TXT

Windows

nslookup -class=chaos -type=txt id.server 1.1.1.1
nslookup -class=chaos -type=txt id.server 1.0.0.1

Bonus points if you include these 2:
nslookup -vc -class=chaos -type=txt id.server 1.1.1.1
nslookup -vc -class=chaos -type=txt id.server 1.0.0.1

  1. For DNS over TLS issues:

UNIX (Linux/macOS)

openssl s_client -connect 1.1.1.1:853
openssl s_client -connect 1.0.0.1:853

Gold star :star: if you also include:
kdig +tls @1.1.1.1 id.server CH TXT
kdig +tls @1.0.0.1 id.server CH TXT

Windows

There is no standalone DoT client for Windows yet, so only the SSL connection can be checked (requires a manual installation of OpenSSL)

  1. For DNS over HTTPS (DoH) connectivity issues please also run the command below and paste the results of the file in your report as well:
  1. If your traceroute dies at the first hop, your issue is almost certainly hardware related, your router may have a hardcoded route for 1.1.1.1. If that is the case, please provide the make/model of your router as well as your ISP.

  2. Please also consider opening a ticket with your ISP for unreachability or routing related problems as well. We try very hard to work with other network providers when a problem is discovered, but sometimes those providers have other priorities. Your feedback to them helps them to determine this is an issue worth investigating.

Finally… Thank you, thank you, thank you :orange_heart:
We very much appreciate that you are using Cloudflare’s public resolver and we’re sorry that you encountered an issue that requires some troubleshooting on your part. Your willingness to help us determine the cause of the issue by providing diagnostic information is appreciated.

15 Likes
Do ISPs block 1.1.1.1?
1.1.1.1 seems to be blocked or something
Certain website suddenly not reachable with cloudflare dns
Cant reach 1.1.1.1 but 1.0.0.1 works great
1.1.1.1 still blocked from etisalat egypt adsl
Can not reach 1.1.1.1, only 1.0.0.1
Cdn.jsdelivr.net fails to resolve using DNS over TLS
DNS 1.1.1.1 is unreachable
Unable to reach a sub site from Chamberlain.edu
Cloudfare DNS blocked with ACT ISP in India
1.1.1.1 not reachable on TATA India network and 1.0.0.1 high latency
Cloudflare Peerings in India
1.1.1.1 can’t be reached isp tedata egypt
1.1.1.1 can't reach US .mil websites
1.1.1.1 unable to resolve MX of SFDC, only in Toronto area
Simple questions: CloudFlare DNS-over-TLS
Possible to Use 1.1.1.1 with CenturyLink?
Specify AnyCast servers to use when using 1.1.1.1
1.1.1.1 cannot resolve google sites
DNS recursion Timeout Vulnerability
1.1.1.1 Android 6.0.1
DoH connectivity issues in UK
NXDOMAIN/SERVFAIL for google.com from 1.0.0.1 (Amsterdam/NL)
Serious issues to in uk
Serious slowdown in Brooklyn, NY
1.1.1.1 still not working from Telecom Argentina
High ping in algeria using cloudflare dns
Cloudflare DNS make wrong IP Destination of Garena VN
Cannot resolve nbp.pl
Community Tip - How Do I...Answers to Popular Questions
Why the dns 1.0.0.1 is faster than 1.1.1.1 for me?
1.1.1.1 still doesn't work on Orange France
1.1.1.1 not showing correct data for bsrgroup.com.au (8.8.8.8 and 1.0.0.1 are fine)
AT&T Internet 1000 not working with 1.1.1.1
Samsungipolis.com is not found
DNS over TLS > Wrong look ups for co.uk domains
Unable to resolve Nasa domains
TLS13 not working for DNS over TLS
Not Work DNS 1.1.1.1
1.1.1.1 DNS Not Working In Som Countries
Problem with 1.1.1.1 in Brazil
Very important question about dns 1.1.1.1
Issues accessing 1.1.1.1 & 1.0.0.1 on TSD Telecom ISP
Issues accessing 1.1.1.1 & 1.0.0.1 on TSD Telecom ISP
Can not access to 3u.com
1.1.1.1 Not working
1.0.0.1 is faster than 1.1.1.1
[LA] Is Cloudfare extremely unstable to anyone else?
1.1.1.1 blocked by ISP in madagascar
IDM website
Welcome to 1.1.1.1
1.1.1.1 can't resolve gigabituk.com even after purging ( Works fine from other resolvers )
1.1.1.1 - High latency from PK
1.1.1.1 is unreachable in Hong Kong Telecom
Cloudflare unusable
Unable to resolve/ping
Cant reach 1.1.1.1 but 1.0.0.1 works great
DNS Request Timeouts (Error Message inside)
Https://www.gufengmh8.com
High Ping 1.1.1.1 and 1.0.0.1
Android DNS
Singapore - Singtel 89ms
Introducing 1.1.1.1 with Warp!
1.1.1.1 isn't working
1.1.1.1 resolving IP question
Problems with 1.1.1.1 (Unreachable)
DNS cloudflare not resolved npvr-mss.cdns.cdn.orangetv.orange.es
Can't resolve an URL
Having connectivity issues today to DNS
Unable to connect to IPv6 Resolver
Help us test a new version of 1.1.1.1: Public DNS resolver
Can't resolve canadacentral.cloudapp.azure.com
1.1.1.1 DoH not working on Brave
How to fix DNS timeout?
Cannot send email to specific domain
Cannot resolve https://www.ncbi.nlm.nih.gov
DNS problem resolving
Issue with cloud dns on ispserver internet provider
Customer Support Ticket
Customer Support Ticket
HTML5 & Websocket Connections Blocked & Cloudflare
Website minvu.cl is not reached using cloudflare dns service
Having issues with enabling 1.1.1.1 to all my device
1.1.1.1 App Slow
Turkey 1.1.1.1 performance issue
SERVFAIL for heiconf.uni-heidelberg.de
Website unavaible via 1.1.1.1 DNS, but ok on other networks
1.1.1.3 and 1.0.0.3 blocks screenleap.com?
Help bad routeo isp to cloudflare services
Website resolves using google DNS, but not cloudflare?
Our domain doesn't resolve at the Cloudflare DNS
DNS Resolution failure
DNS_PROBE_FINISHED_NXDOMAIN newmexico.gov
1.1.1.1 working with high latency in Argentina
SERVFAIL on newmexico.gov websites
Public DNS times out when connected to Cisco IPSec VPN on macOS
Default Server:unknown
Wrong Cloudflare Datacenter
Not Opening The Website
High Packet Loss to 1.1.1.1 DNS
USPS.com servfail on 1.1.1.1
Not able to access internet
1.1.1.1 issues with Frontier FiOS or Meraki
Can't Get 1.1.1.1 to Work. What am I Doing Wrong?
Cloudflare DNS Incorrect Name Resolution lastpass.com
Cloudflare DNS Incorrect Name Resolution lastpass.com
Can’t get DoH to work
(emergency)Not resolving a certain domain
1.1.1.1 address isnt working
1.1.1.1 not working, 1.0.0.1 is fine
What's not working with 1.1.1.1
Cloudflare DNS service can't find a domain
1.1.1.1 DNS not ping from my ip 209.150.147.234
Community Tip - Tools and Resources
1.1.1.1 DNS not ping from my ip 209.150.147.234
Traffic from my server takes weird path to 1.1.1.1
Unable to resolve upstate.edu with 1.1.1.1
Can't open website with 1.1.1.1 DNS
Is it just me or is 8.8.8.8 much reliable than 1.1.1.1?
"parler.com" does not resolve off of CloudFlare's public DNS servers
WebEx not resolving
SERVFAIL resolving s3-1-w.amazonaws.com
1.1.1.1 not reachable on Telefonica de Argentina/Movistar/Speedy ISP
Configure DNS Manually
1.1.1.1 issues with Hathway (India)
CloudFlare Dns not working in India.ISP Airtel May have blocked it
1.1.1.1 is not working with Hathway Broadband (Indian ISP)
Help accessing 1.1.1.1
Cloudflared DoH 1.1.1.1 failed to perform an HTTPS request

Additional Info:
It was pointed out to me quite quickly by our DNS and Network gurus that the above guide lacks love for IPv6.

For any of the commands above which use 1.1.1.1 or 1.0.0.1 the IPv6 addresses of Cloudflare’s servers can also be used. Those addresses are:

2606:4700:4700::1111 and 2606:4700:4700::1001

How to install kdig
On macOS: brew install knot
On Linux: apt-get install knot
On freeBSD: pkg install knot

8 Likes