Troubleshooting
This guide will help you diagnose and resolve common issues with Cloudflare's DNS Resolver. Before proceeding with manual troubleshooting steps, you can verify your connection to automatically gather relevant information.
Name resolution issues
Section titled “Name resolution issues”Linux/macOS
Section titled “Linux/macOS”# Test DNS resolutiondig example.com @1.1.1.1dig example.com @1.0.0.1dig example.com @8.8.8.8
# Check connected nameserverdig +short CHAOS TXT id.server @1.1.1.1dig +short CHAOS TXT id.server @1.0.0.1
# Optional: Network informationdig @ns3.cloudflare.com whoami.cloudflare.com txt +shortWindows
Section titled “Windows”# Test DNS resolutionnslookup example.com 1.1.1.1nslookup example.com 1.0.0.1nslookup example.com 8.8.8.8
# Check connected nameservernslookup -class=chaos -type=txt id.server 1.1.1.1nslookup -class=chaos -type=txt id.server 1.0.0.1
# Optional: Network informationnslookup -type=txt whoami.cloudflare.com ns3.cloudflare.comNote: The network information command reveals your IP address. Only include this in reports to Cloudflare if you are comfortable sharing this information.
For additional analysis, you can generate a DNSViz ↗ report for the domain in question.
Connectivity and routing issues
Section titled “Connectivity and routing issues”Before reporting connectivity issues:
- Search for existing reports from your country and ISP.
- Run traceroutes to both Cloudflare DNS resolvers.
Linux/macOS
Section titled “Linux/macOS”# Basic connectivity teststraceroute 1.1.1.1traceroute 1.0.0.1
# If reachable, check nameserver identitydig +short CHAOS TXT id.server @1.1.1.1dig +short CHAOS TXT id.server @1.0.0.1
# TCP connection testsdig +tcp @1.1.1.1 id.server CH TXTdig +tcp @1.0.0.1 id.server CH TXTWindows
Section titled “Windows”# Basic connectivity teststracert 1.1.1.1tracert 1.0.0.1
# If reachable, check nameserver identitynslookup -class=chaos -type=txt id.server 1.1.1.1nslookup -class=chaos -type=txt id.server 1.0.0.1
# TCP connection testsnslookup -vc -class=chaos -type=txt id.server 1.1.1.1nslookup -vc -class=chaos -type=txt id.server 1.0.0.1DNS-over-TLS (DoT) troubleshooting
Section titled “DNS-over-TLS (DoT) troubleshooting”Linux/macOS
Section titled “Linux/macOS”# Test TLS connectivityopenssl s_client -connect 1.1.1.1:853openssl s_client -connect 1.0.0.1:853
# Test DNS resolution over TLSkdig +tls @1.1.1.1 id.server CH TXTkdig +tls @1.0.0.1 id.server CH TXTWindows
Section titled “Windows”Windows does not include a standalone DoT client. You can test TLS connectivity using OpenSSL after installing it manually.
DNS-over-HTTPS (DoH) troubleshooting
Section titled “DNS-over-HTTPS (DoH) troubleshooting”Linux/macOS
Section titled “Linux/macOS”curl -H 'accept: application/dns-json' 'https://cloudflare-dns.com/dns-query?name=cloudflare.com&type=AAAA'Windows
Section titled “Windows”(Invoke-WebRequest -Uri 'https://cloudflare-dns.com/dns-query?name=cloudflare.com&type=AAAA').RawContentCommon issues
Section titled “Common issues”First hop failures
Section titled “First hop failures”If your traceroute fails at the first hop, the issue is likely hardware-related. Your router may have a hardcoded route for 1.1.1.1. When reporting this issue, include:
- Router make and model
- ISP name
- Any relevant router configuration details
Additional resources
Section titled “Additional resources”Was this helpful?
- Resources
- API
- New to Cloudflare?
- Products
- Sponsorships
- Open Source
- Support
- Help Center
- System Status
- Compliance
- GDPR
- Company
- cloudflare.com
- Our team
- Careers
- 2025 Cloudflare, Inc.
- Privacy Policy
- Terms of Use
- Report Security Issues
- Trademark