Here are some tips for troubleshooting if you are having issues using Cloudflare’s Resolver. Please take a moment to review them along with the information that will help us to understand and help diagnose any issues. There are two sections to this guide. The first is for troubleshooting name resolution errors/issues and the second is for unreachability or routing issues.
New Diagnostic Tool We have a new diagnostic tool which can help gather some of the information requested below. If you copy the result from 1.1.1.1 — the Internet’s Fastest, Privacy-First DNS Resolver to your ticket it will help immensely.
Troubleshooting Name Resolution Issues
- Please search the forum to see if the domain you are reporting already has an entry (feel free to add your comments to it, if it does).
- Please provide the following tests from your location if possible and include it with your report.
UNIX (Linux/macOS)
—
dig example.com @1.1.1.1
dig example.com @1.0.0.1
dig example.com @8.8.8.8
dig +short CHAOS TXT id.server @1.1.1.1
dig +short CHAOS TXT id.server @1.0.0.1And if you are willing to share information about your network block, please include the output of this next command as well. Note: This does reveal your IP address, so if you aren’t comfortable sharing we understand.
dig @ns3.Cloudflare.com whoami.Cloudflare.com txt +short
Windows
—
nslookup example.com 1.1.1.1
nslookup example.com 1.0.0.1
nslookup example.com 8.8.8.8
nslookup -class=chaos -type=txt id.server 1.1.1.1
nslookup -class=chaos -type=txt id.server 1.0.0.1And if you are willing to share information about your network block, please include the output of this next command as well. Note: This does reveal your IP address, so if you aren’t comfortable sharing we understand.
nslookup -type=txt whoami.Cloudflare.com ns3.Cloudflare.com
Those first two tests should show what the Cloudflare resolver provides vs. Google’s resolver and the 3rd test should report which of our nameserver locations you are connected to.
- If you want to go the extra mile, doing a test at http://dnsviz.net/ and posting a link to the results can often be helpful as well.
- Please include any additional information about the domain/ lookup that you think might be helpful or relevant.
Troubleshooting Unreachability or Routing Issues
- Please search the forum for your country name and ISP to see if the issue may have already been reported. If it has please review that post and add any comments you may have to it rather than creating a new post.
- Please provide a traceroute for both 1.1.1.1 and 1.0.0.1 (even if you can reach one and not the other).
UNIX (Linux/macOS)
—
traceroute 1.1.1.1
traceroute 1.0.0.1
Windows
—
tracert 1.1.1.1
tracert 1.0.0.1
- If you believe Cloudflare’s route is suboptimal, please provide a traceroute to a DNS server which you believe has better routing (we can’t always improve routing, but it’s helpful to have information/context when we communicate with ISPs and network providers).
- If the traceroute reaches Cloudflare please also include the output for
UNIX (Linux/macOS)
—
dig +short CHAOS TXT id.server @1.1.1.1
dig +short CHAOS TXT id.server @1.0.0.1Bonus points if you include these 2:
dig +tcp @1.1.1.1 id.server CH TXT
dig +tcp @1.0.0.1 id.server CH TXT
Windows
—
nslookup -class=chaos -type=txt id.server 1.1.1.1
nslookup -class=chaos -type=txt id.server 1.0.0.1Bonus points if you include these 2:
nslookup -vc -class=chaos -type=txt id.server 1.1.1.1
nslookup -vc -class=chaos -type=txt id.server 1.0.0.1
- For DNS over TLS issues:
UNIX (Linux/macOS)
—
openssl s_client -connect 1.1.1.1:853
openssl s_client -connect 1.0.0.1:853Gold star
if you also include:
kdig +tls @1.1.1.1 id.server CH TXT
kdig +tls @1.0.0.1 id.server CH TXT
Windows
—
There is no standalone DoT client for Windows yet, so only the SSL connection can be checked (requires a manual installation of OpenSSL)
- For DNS over HTTPS (DoH) connectivity issues please also run the command below and paste the results of the file in your report as well:
-
If your traceroute dies at the first hop, your issue is almost certainly hardware related, your router may have a hardcoded route for 1.1.1.1. If that is the case, please provide the make/model of your router as well as your ISP.
-
Please also consider opening a ticket with your ISP for unreachability or routing related problems as well. We try very hard to work with other network providers when a problem is discovered, but sometimes those providers have other priorities. Your feedback to them helps them to determine this is an issue worth investigating.
Finally… Thank you, thank you, thank you
We very much appreciate that you are using Cloudflare’s public resolver and we’re sorry that you encountered an issue that requires some troubleshooting on your part. Your willingness to help us determine the cause of the issue by providing diagnostic information is appreciated.