Have problems with 1.1.1.1? *Read Me First*

Here are some tips for troubleshooting if you are having issues using Cloudflare’s Resolver. Please take a moment to review them along with the information that will help us to understand and help diagnose any issues. There are two sections to this guide. The first is for troubleshooting name resolution errors/issues and the second is for unreachability or routing issues.

New Diagnostic Tool We have a new diagnostic tool which can help gather some of the information requested below. If you copy the result from https://Cloudflare-dns.com/help/ to your ticket it will help immensely.

Dig Tutorial

Troubleshooting Name Resolution Issues

  1. Please search the forum to see if the domain you are reporting already has an entry (feel free to add your comments to it, if it does).
  2. Please provide the following tests from your location if possible and include it with your report.

UNIX (Linux/macOS)

dig example.com @1.1.1.1
dig example.com @1.0.0.1
dig example.com @8.8.8.8
dig +short CHAOS TXT id.server @1.1.1.1
dig +short CHAOS TXT id.server @1.0.0.1

And if you are willing to share information about your network block, please include the output of this next command as well. Note: This does reveal your IP address, so if you aren’t comfortable sharing we understand.
dig @ns3.Cloudflare.com whoami.Cloudflare.com txt +short

Windows

nslookup example.com 1.1.1.1
nslookup example.com 1.0.0.1
nslookup example.com 8.8.8.8
nslookup -class=chaos -type=txt id.server 1.1.1.1
nslookup -class=chaos -type=txt id.server 1.0.0.1

And if you are willing to share information about your network block, please include the output of this next command as well. Note: This does reveal your IP address, so if you aren’t comfortable sharing we understand.
nslookup -type=txt whoami.Cloudflare.com ns3.Cloudflare.com

Those first two tests should show what the Cloudflare resolver provides vs. Google’s resolver and the 3rd test should report which of our nameserver locations you are connected to.

  1. If you want to go the extra mile, doing a test at http://dnsviz.net/ and posting a link to the results can often be helpful as well.
  2. Please include any additional information about the domain/ lookup that you think might be helpful or relevant.

Troubleshooting Unreachability or Routing Issues

  1. Please search the forum for your country name and ISP to see if the issue may have already been reported. If it has please review that post and add any comments you may have to it rather than creating a new post.
  2. Please provide a traceroute for both 1.1.1.1 and 1.0.0.1 (even if you can reach one and not the other).

UNIX (Linux/macOS)

traceroute 1.1.1.1
traceroute 1.0.0.1

Windows

tracert 1.1.1.1
tracert 1.0.0.1

  1. If you believe Cloudflare’s route is suboptimal, please provide a traceroute to a DNS server which you believe has better routing (we can’t always improve routing, but it’s helpful to have information/context when we communicate with ISPs and network providers).
  2. If the traceroute reaches Cloudflare please also include the output for

UNIX (Linux/macOS)

dig +short CHAOS TXT id.server @1.1.1.1
dig +short CHAOS TXT id.server @1.0.0.1

Bonus points if you include these 2:
dig +tcp @1.1.1.1 id.server CH TXT
dig +tcp @1.0.0.1 id.server CH TXT

Windows

nslookup -class=chaos -type=txt id.server 1.1.1.1
nslookup -class=chaos -type=txt id.server 1.0.0.1

Bonus points if you include these 2:
nslookup -vc -class=chaos -type=txt id.server 1.1.1.1
nslookup -vc -class=chaos -type=txt id.server 1.0.0.1

  1. For DNS over TLS issues:

UNIX (Linux/macOS)

openssl s_client -connect 1.1.1.1:853
openssl s_client -connect 1.0.0.1:853

Gold star :star: if you also include:
kdig +tls @1.1.1.1 id.server CH TXT
kdig +tls @1.0.0.1 id.server CH TXT

Windows

There is no standalone DoT client for Windows yet, so only the SSL connection can be checked (requires a manual installation of OpenSSL)

  1. For DNS over HTTPS (DoH) connectivity issues please also run the command below and paste the results of the file in your report as well:
  1. If your traceroute dies at the first hop, your issue is almost certainly hardware related, your router may have a hardcoded route for 1.1.1.1. If that is the case, please provide the make/model of your router as well as your ISP.

  2. Please also consider opening a ticket with your ISP for unreachability or routing related problems as well. We try very hard to work with other network providers when a problem is discovered, but sometimes those providers have other priorities. Your feedback to them helps them to determine this is an issue worth investigating.

Finally… Thank you, thank you, thank you :orange_heart:
We very much appreciate that you are using Cloudflare’s public resolver and we’re sorry that you encountered an issue that requires some troubleshooting on your part. Your willingness to help us determine the cause of the issue by providing diagnostic information is appreciated.

15 Likes
Do ISPs block 1.1.1.1?
1.1.1.1 seems to be blocked or something
Certain website suddenly not reachable with cloudflare dns
Cant reach 1.1.1.1 but 1.0.0.1 works great
1.1.1.1 still blocked from etisalat egypt adsl
Can not reach 1.1.1.1, only 1.0.0.1
DNS 1.1.1.1 is unreachable
Unable to reach a sub site from Chamberlain.edu
1.1.1.3 and 1.0.0.3 blocks screenleap.com?
Website unavaible via 1.1.1.1 DNS, but ok on other networks
SERVFAIL for heiconf.uni-heidelberg.de
Turkey 1.1.1.1 performance issue
1.1.1.1 App Slow
Having issues with enabling 1.1.1.1 to all my device
Website minvu.cl is not reached using cloudflare dns service
HTML5 & Websocket Connections Blocked & Cloudflare
Customer Support Ticket
Customer Support Ticket
Issue with cloud dns on ispserver internet provider
DNS problem resolving
Cannot resolve https://www.ncbi.nlm.nih.gov
Cannot send email to specific domain
Help us test a new version of 1.1.1.1: Public DNS resolver
1.1.1.1 DoH not working on Brave
Can't resolve canadacentral.cloudapp.azure.com
How to fix DNS timeout?
Having connectivity issues today to DNS
Can't resolve an URL
DNS cloudflare not resolved npvr-mss.cdns.cdn.orangetv.orange.es
Problems with 1.1.1.1 (Unreachable)
1.1.1.1 resolving IP question
1.1.1.1 isn't working
Introducing 1.1.1.1 with Warp!
Singapore - Singtel 89ms
Android DNS
High Ping 1.1.1.1 and 1.0.0.1
DNS Request Timeouts (Error Message inside)
Https://www.gufengmh8.com
Cant reach 1.1.1.1 but 1.0.0.1 works great
Unable to resolve/ping
Cloudflare unusable
1.1.1.1 is unreachable in Hong Kong Telecom
1.1.1.1 - High latency from PK
1.1.1.1 can't resolve gigabituk.com even after purging ( Works fine from other resolvers )
Welcome to 1.1.1.1
IDM website
1.1.1.1 blocked by ISP in madagascar
[LA] Is Cloudfare extremely unstable to anyone else?
1.0.0.1 is faster than 1.1.1.1
1.1.1.1 Not working
Can not access to 3u.com
Issues accessing 1.1.1.1 & 1.0.0.1 on TSD Telecom ISP
Issues accessing 1.1.1.1 & 1.0.0.1 on TSD Telecom ISP
Traffic from my server takes weird path to 1.1.1.1
Cdn.jsdelivr.net fails to resolve using DNS over TLS
Very important question about dns 1.1.1.1
Problem with 1.1.1.1 in Brazil
1.1.1.1 DNS Not Working In Som Countries
Not Work DNS 1.1.1.1
TLS13 not working for DNS over TLS
Unable to resolve Nasa domains
DNS over TLS > Wrong look ups for co.uk domains
Samsungipolis.com is not found
AT&T Internet 1000 not working with 1.1.1.1
1.1.1.1 still doesn't work on Orange France
1.1.1.1 not showing correct data for bsrgroup.com.au (8.8.8.8 and 1.0.0.1 are fine)
Why the dns 1.0.0.1 is faster than 1.1.1.1 for me?
Cannot resolve nbp.pl
Cloudflare DNS make wrong IP Destination of Garena VN
High ping in algeria using cloudflare dns
1.1.1.1 still not working from Telecom Argentina
Serious slowdown in Brooklyn, NY
Serious issues to in uk
DoH connectivity issues in UK
DNS recursion Timeout Vulnerability
NXDOMAIN/SERVFAIL for google.com from 1.0.0.1 (Amsterdam/NL)
1.1.1.1 Android 6.0.1
Specify AnyCast servers to use when using 1.1.1.1
1.1.1.1 cannot resolve google sites
Possible to Use 1.1.1.1 with CenturyLink?
1.1.1.1 can’t be reached isp tedata egypt
Simple questions: CloudFlare DNS-over-TLS
1.1.1.1 unable to resolve MX of SFDC, only in Toronto area
Cloudflare Peerings in India
1.1.1.1 not reachable on TATA India network and 1.0.0.1 high latency
1.1.1.1 can't reach US .mil websites
Cloudfare DNS blocked with ACT ISP in India
Help accessing 1.1.1.1
1.1.1.1 is not working with Hathway Broadband (Indian ISP)
Cloudflared DoH 1.1.1.1 failed to perform an HTTPS request
CloudFlare Dns not working in India.ISP Airtel May have blocked it
Configure DNS Manually
Not able to access internet
1.1.1.1 not reachable on Telefonica de Argentina/Movistar/Speedy ISP
Community Tip - Tools and Resources
Community Tip - How Do I...Answers to Popular Questions
Is it just me or is 8.8.8.8 much reliable than 1.1.1.1?
Unable to connect to IPv6 Resolver
1.1.1.1 issues with Hathway (India)
USPS.com servfail on 1.1.1.1
High Packet Loss to 1.1.1.1 DNS
Not Opening The Website
Wrong Cloudflare Datacenter
Default Server:unknown
Public DNS times out when connected to Cisco IPSec VPN on macOS
SERVFAIL on newmexico.gov websites
1.1.1.1 working with high latency in Argentina
DNS_PROBE_FINISHED_NXDOMAIN newmexico.gov
DNS Resolution failure
Our domain doesn't resolve at the Cloudflare DNS
Website resolves using google DNS, but not cloudflare?
Help bad routeo isp to cloudflare services

Additional Info:
It was pointed out to me quite quickly by our DNS and Network gurus that the above guide lacks love for IPv6.

For any of the commands above which use 1.1.1.1 or 1.0.0.1 the IPv6 addresses of Cloudflare’s servers can also be used. Those addresses are:

2606:4700:4700::1111 and 2606:4700:4700::1001

How to install kdig
On macOS: brew install knot
On Linux: apt-get install knot
On freeBSD: pkg install knot

8 Likes