WingNews logo WingNews
top | item 44565836

Tell HN: 1.1.1.1 appears to be down

135 points| Wingy | 7 months ago

Cloudflare's DNS server doesn't appear to be working.

    6:03PM storm ~ % ping 1.1.1.1
    PING 1.1.1.1 (1.1.1.1) 56(84) bytes of data.
    ^C
    --- 1.1.1.1 ping statistics ---
    4 packets transmitted, 0 received, 100% packet loss, time 3103ms

71 comments

order

gerdesj|7 months ago

DNS shouldn't be tested with ICMP. Try dig or nslookup instead. ICMP echo request/reply may help to decide reachability and nothing more.

This is a reasonable test of the DNS service on 1.1.1.1:

  $ dig @1.1.1.1 www.cloudflare.com A

  ; <<>> DiG 9.20.4-3ubuntu1.1-Ubuntu <<>> @1.1.1.1 www.cloudflare.com A
  ; (1 server found)
  ;; global options: +cmd
  ;; Got answer:
  ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34112
  ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

  ;; OPT PSEUDOSECTION:
  ; EDNS: version: 0, flags:; udp: 1232
  ;; QUESTION SECTION:
  ;www.cloudflare.com.            IN      A

  ;; ANSWER SECTION:
  www.cloudflare.com.     36      IN      A       104.16.123.96
  www.cloudflare.com.     36      IN      A       104.16.124.96

  ;; Query time: 39 msec
  ;; SERVER: 1.1.1.1#53(1.1.1.1) (UDP)
  ;; WHEN: Mon Jul 14 23:32:57 BST 2025
  ;; MSG SIZE  rcvd: 79
[EDIT]:

  $ ping 1.1.1.1
  PING 1.1.1.1 (1.1.1.1) 56(84) bytes of data.
  From 141.101.70.116 icmp_seq=1 Time to live exceeded
  64 bytes from 1.1.1.1: icmp_seq=2 ttl=50 time=126 ms
So ping fails a bit (and then works - firewall) but DNS works.

The service required is DNS not ping. Test the service.

forbiddenlake|7 months ago

This is all true, but DNS was also down.

Signed, someone who was using 1.1.1.1 as their DNS server and hadn't configured a fallback

indigodaddy|7 months ago

By using ping or MTR, they are testing general connectivity to an endpoint, doesn't matter what service is in play. For example, if you are getting significant packet loss on the endpoint itself in the output of an MTR, then that IS indicative of a network/route/connectivity problem, somewhere along the route (could still be an endpoint issue but definitely not always). The service in question doesn't matter much at that point. Whether the service itself is healthy or not, you are still troubleshooting the overarching issue presented by the bad ping/MTR.

landofyoshi|7 months ago

Well, typically 1.1.1.1 responds to pings. So it not responding is an indication that it's no longer working.

Calzifer|7 months ago

> The service required is DNS not ping.

  ping 1.1
is short and easy to remember. Since I'm not using Cloudflare DNS, ping is actually the service I require :D

g1sm|7 months ago

This outage made me realize the script I was using to test my internet connectivity was depending 100% on cloudflare: I was both pinging 1.1 AND querying 1.1.1.1 using dig and, if both failed, the script would restart pppd.

hnarn|7 months ago

For anyone that has a capable router, an rpi or any kind of home server, I can highly recommend https://github.com/DNSCrypt/dnscrypt-proxy

It lets you send encrypted DNS queries out onto the Internet to any service that supports it (there are many, and you can configure it to use multiple for redundancy), while serving "normal" DNS in your internal network.

It's also trivial to import a blocklist of domains with cron, from hagezi/dns-blocklists for example.

If you have no interest in setting something like this up, at least ensure that you have manually configured or are pushing _multiple_ DNS servers via DHCP. It sucks that 1.1.1.1 went down but it shouldn't matter, there's a reason every operating system supports configuring multiple DNS servers.

For anyone in the EU I can recommend https://www.dns0.eu/ or Mullvad, but at the very least if you're using Cloudflare and don't care about privacy, set 8.8.8.8 as your secondary DNS.

madisp|7 months ago

modern state of status pages makes me sad :( You were a good 10 minutes quicker to note the issue than Cloudflare's status page was

esseph|7 months ago

Major ones will rarely be automated due to legal liability (among other things).

I agree with you, though.

indigodaddy|7 months ago

10-15 minutes ago was getting intermittent TTL exceeded errors when pinging 1.1.1.1. Seems clean now and seem to be resolving ok now

tom1337|7 months ago

and here (EU West) I am debugging why my internet is not working and using ping 1.1.1.1 as a check

zubspace|7 months ago

Same here! Restarted my router and pi hole twice. Now i feel stupid.

thekid314|7 months ago

In NYC it appears down for me too. MacBook-Pro ~ % ping 1.1.1.1 PING 1.1.1.1 (1.1.1.1): 56 data bytes Request timeout for icmp_seq 0

hunkins|7 months ago

Yep, timeouts on my end.

PING 1.1.1.1 (1.1.1.1): 56 data bytes Request timeout for icmp_seq 0 Request timeout for icmp_seq 1 Request timeout for icmp_seq 2 Request timeout for icmp_seq 3 ^C --- 1.1.1.1 ping statistics --- 5 packets transmitted, 0 packets received, 100.0% packet loss

Demiurge|7 months ago

This is it, I've been experiencing issues with DNS for longer than their timeline reports, but I also tracked it down to no response from DNS.

Does anyone have a good backup for CF? I certainly don't want to rely on my ISP, has they've done MITM before.

op00to|7 months ago

Nextdns?

DoctorOW|7 months ago

I recently switched from Cloudflare to ControlD and it was perfect timing to miss this!

nodesocket|7 months ago

I just got 45 e-mail notifications from Uptime Kuma and knew something was afoot.

nh43215rgb|7 months ago

I wonder how uptime ratio of 1.1.1.1 is against 8.8.8.8

Maybe there is noticeable difference?

esseph|7 months ago

Both of these are among the most reliable and resilient internet services in the world.

EtienneK|7 months ago

Yup, same here (Europe). Opened up HN to confirm. Thanks :)

nagisa|7 months ago

Can confirm its down here too.

1.0.0.1 is also down.

durakot|7 months ago

Looks to be down globally... another friendly reminder of our overdependence on a few services (and how many servers are configured to use 1.1.1.1 for DNS queries?)

gcau|7 months ago

The cloudflare status page had nothing reported, so I just assumed its some issue elsewhere (and the HN post didn't exist yet), if it wasn't for HN I'd probably be ordering a new router and ripping apart all my network settings and complaining to my ISP.

SCHiM|7 months ago

It's down. Tested from two servers, 8.8.8.8 and others are up.

msvcredist2022|7 months ago

Confirmed down in the PNW & Virginia (east1) as well.

pablonara|7 months ago

Down in iowa and montreal too

guluarte|7 months ago

raise up chads using their own custom DNS resolver with 10+ upstream providers

bigstrat2003|7 months ago

Upstream providers? I use root hints, the way God intended.

chgs|7 months ago

I have 6 upstream, but that’s for each of two dns serves in home (one on my pi, one on the jellyfin), so I guess that’s 12 upstream together.

alecsm|7 months ago

It's down in Spain too.

pwr22|7 months ago

Down for me from UK

PaulHoule|7 months ago

No shit. My "internet" just went down and I switched over to 8.8.8.8 and got back up.

strongpigeon|7 months ago

Same. I assumed it was my ISP as it had some hiccups lately, but when I saw that 8.8.8.8 was responding to ICMPs I suspected 1.1.1.1 was down.

armitron|7 months ago

Don't use Cloudflare, they've done enough damage to the Internet with their centralized bs without you needing to further reward them by handing over all your DNS data.

bb88|7 months ago

Tata Communications in India was the one that apparently caused the outage.

kordlessagain|7 months ago

I agree. Modern day man-in-the-middle attack via a corporate entity. Rationalized as a protection racket.