DNS shouldn't be tested with ICMP. Try dig or nslookup instead. ICMP echo request/reply may help to decide reachability and nothing more.

This is a reasonable test of the DNS service on 1.1.1.1:

  $ dig @1.1.1.1 www.cloudflare.com A

  ; <<>> DiG 9.20.4-3ubuntu1.1-Ubuntu <<>> @1.1.1.1 www.cloudflare.com A
  ; (1 server found)
  ;; global options: +cmd
  ;; Got answer:
  ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34112
  ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

  ;; OPT PSEUDOSECTION:
  ; EDNS: version: 0, flags:; udp: 1232
  ;; QUESTION SECTION:
  ;www.cloudflare.com.            IN      A

  ;; ANSWER SECTION:
  www.cloudflare.com.     36      IN      A       104.16.123.96
  www.cloudflare.com.     36      IN      A       104.16.124.96

  ;; Query time: 39 msec
  ;; SERVER: 1.1.1.1#53(1.1.1.1) (UDP)
  ;; WHEN: Mon Jul 14 23:32:57 BST 2025
  ;; MSG SIZE  rcvd: 79

  $ ping 1.1.1.1
  PING 1.1.1.1 (1.1.1.1) 56(84) bytes of data.
  From 141.101.70.116 icmp_seq=1 Time to live exceeded
  64 bytes from 1.1.1.1: icmp_seq=2 ttl=50 time=126 ms

The service required is DNS not ping. Test the service.

https://x.com/nadeu/status/1944881376366616749

https://www.cloudflarestatus.com/incidents/28r0vbbxsh8f

hehe https://radar.cloudflare.com/routing/anomalies/hijack-107469

their bgp monitoring found it :)

For anyone that has a capable router, an rpi or any kind of home server, I can highly recommend https://github.com/DNSCrypt/dnscrypt-proxy

It lets you send encrypted DNS queries out onto the Internet to any service that supports it (there are many, and you can configure it to use multiple for redundancy), while serving "normal" DNS in your internal network.

It's also trivial to import a blocklist of domains with cron, from hagezi/dns-blocklists for example.

If you have no interest in setting something like this up, at least ensure that you have manually configured or are pushing _multiple_ DNS servers via DHCP. It sucks that 1.1.1.1 went down but it shouldn't matter, there's a reason every operating system supports configuring multiple DNS servers.

For anyone in the EU I can recommend https://www.dns0.eu/ or Mullvad, but at the very least if you're using Cloudflare and don't care about privacy, set 8.8.8.8 as your secondary DNS.

modern state of status pages makes me sad :( You were a good 10 minutes quicker to note the issue than Cloudflare's status page was

10-15 minutes ago was getting intermittent TTL exceeded errors when pinging 1.1.1.1. Seems clean now and seem to be resolving ok now

This outage made me realize the script I was using to test my internet connectivity was depending 100% on cloudflare: I was both pinging 1.1 AND querying 1.1.1.1 using dig and, if both failed, the script would restart pppd.

and here (EU West) I am debugging why my internet is not working and using ping 1.1.1.1 as a check

In NYC it appears down for me too. MacBook-Pro ~ % ping 1.1.1.1 PING 1.1.1.1 (1.1.1.1): 56 data bytes Request timeout for icmp_seq 0

This is it, I've been experiencing issues with DNS for longer than their timeline reports, but I also tracked it down to no response from DNS.

Does anyone have a good backup for CF? I certainly don't want to rely on my ISP, has they've done MITM before.

Yep, timeouts on my end.

PING 1.1.1.1 (1.1.1.1): 56 data bytes Request timeout for icmp_seq 0 Request timeout for icmp_seq 1 Request timeout for icmp_seq 2 Request timeout for icmp_seq 3 ^C --- 1.1.1.1 ping statistics --- 5 packets transmitted, 0 packets received, 100.0% packet loss

I recently switched from Cloudflare to ControlD and it was perfect timing to miss this!

near total global outage according to https://atlas.ripe.net/measurements/117762218/

I wonder how uptime ratio of 1.1.1.1 is against 8.8.8.8

Maybe there is noticeable difference?

Yup, same here (Europe). Opened up HN to confirm. Thanks :)

Can confirm its down here too.

1.0.0.1 is also down.

The cloudflare status page had nothing reported, so I just assumed its some issue elsewhere (and the HN post didn't exist yet), if it wasn't for HN I'd probably be ordering a new router and ripping apart all my network settings and complaining to my ISP.

Looks to be down globally... another friendly reminder of our overdependence on a few services (and how many servers are configured to use 1.1.1.1 for DNS queries?)

It's down. Tested from two servers, 8.8.8.8 and others are up.

Confirmed down in the PNW & Virginia (east1) as well.

raise up chads using their own custom DNS resolver with 10+ upstream providers

It's down in Spain too.

I just got 45 e-mail notifications from Uptime Kuma and knew something was afoot.

Down for me from UK

No shit. My "internet" just went down and I switched over to 8.8.8.8 and got back up.

Don't use Cloudflare, they've done enough damage to the Internet with their centralized bs without you needing to further reward them by handing over all your DNS data.

their status page shows there is no problems with it.