FAQ
Below you will find answers to our most commonly asked questions. If you cannot find the answer you are looking for, refer to the community page to explore more resources.
What is 1.1.1.1?
1.1.1.1 is Cloudflare’s fast and secure DNS resolver. When you request to visit an application like cloudflare.com, your computer needs to know which server to connect you to so that it can load the application. Computers don’t know how to do this name to address translation, so they ask a specialized server to do it for them.
This specialized server is called a DNS recursive resolver. The resolver’s job is to find the address for a given name, like 2400:cb00:2048:1::c629:d7a2 for cloudflare.com, and return it to the computer that asked for it.
Computers are configured to talk to specific DNS resolvers, identified by IP address. Usually the configuration is managed by your ISP (like Comcast or AT&T) if you are on your home or wireless Internet, and by your network administrator if you’re connected to the office Internet. You can also change the configured DNS resolver your computer talks to yourself.
How can I check if my computer / smartphone / tablet is connected to 1.1.1.1?
What do DNS resolvers do?
DNS resolvers are like address books for the Internet. They translate the name of places to addresses so that your browser can figure out how to get there. DNS resolvers do this by working backwards from the top until they find the website your are looking for.
Every resolver knows how to find the invisible . at the end of domain names (for example, cloudflare.com.). There are hundreds of root servers all over the world that host the . file, and resolvers are hard coded to know the IP addresses of those servers. Cloudflare itself hosts that file on all of its servers around the world through a partnership with ISC.
The resolver asks one of the root servers where to find the next link in the chain — the top-level domain (abbreviated to TLD) or domain ending. An example of a TLD is .com or .org. Luckily, the root servers store the locations of all the TLD servers, so they can return which IP address the DNS resolver should go ask next.
The resolver then asks the TLD’s servers where it can find the domain it is looking for. For example, a resolver might ask .com where to find cloudflare.com. TLDs host a file containing the location of every domain using the TLD.
Once the resolver has the final IP address, it returns the answer to the computer that asked.
This whole system is called the Domain Name System (DNS). This system includes the servers that host the information (called authoritative DNS) and the servers that seek the information (the DNS resolvers).
Does 1.1.1.1 support ANY?
NOTIMPL when asked for qtype==ANY. How does 1.1.1.1 work with DNSSEC?
DO (DNSSEC OK) bit on every query to convey to the authoritative server that it wishes to receive signed answers if available. 1.1.1.1 supports the signature algorithms specified in Supported DNSKEY signature algorithms. Does 1.1.1.1 send EDNS Client Subnet header?
whoami.ds.akahelp.net to aid in cross-provider debugging. However, Cloudflare does not send ECS to any of Akamai’s production domains, such as akamaihd.net or similar.