Ask HN: 1.1.1.1 DNS (Cloudflare) outage?

29 points by sbr464 ↗ HN
I'm experiencing an outage with the new 1.1.1.1 dns resolver. Anyone else?

37 comments

[ 3.9 ms ] story [ 85.0 ms ] thread
yeah I just had to change to 8.8.8.8 as well
yep same, guess I'll need to put a backup dns back in my settings.
Yea I just updated my Google Wifi settings to 1.1.1.1 primary and 8.8.8.8 secondary.
Confirmed from LA, dig times out...
(comment deleted)
Denver/Comcast Business Cable currently (fyi)
Just had to change my DNS forwarders, it was stupid of me to use 2 from the same provider.
New Jersey on Fios, same here. Secondary DNS set to 8.8.8.8 which probably makes more sense as a backup anyway.
Yeah - Europe side too. Thought my raspberry pi hole setup was broken...nope.

Maybe related to the recent attack on that DNS server?

Down in London, both 1.1.1.1 and 0.0.0.0
0.0.0.0 might be down for a little bit longer ;)
Just a little bit longer... ;)
It's still down, shall we let Cloudflare know .. ;-)
yea, I set the secondary dns to 8.8.8.8 due to that
It's back up:

    ; <<>> DiG 9.9.5-9+deb8u15-Debian <<>> @1.1.1.1
    ; (1 server found)
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21908
    ;; flags: qr rd ra ad; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 1

    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 1536
    ;; QUESTION SECTION:
    ;.                              IN      NS

    ;; ANSWER SECTION:
    .                       2179    IN      NS      a.root-servers.net.
    .                       2179    IN      NS      b.root-servers.net.
    .                       2179    IN      NS      c.root-servers.net.
    .                       2179    IN      NS      d.root-servers.net.
    .                       2179    IN      NS      e.root-servers.net.
    .                       2179    IN      NS      f.root-servers.net.
    .                       2179    IN      NS      g.root-servers.net.
    .                       2179    IN      NS      h.root-servers.net.
    .                       2179    IN      NS      i.root-servers.net.
    .                       2179    IN      NS      j.root-servers.net.
    .                       2179    IN      NS      k.root-servers.net.
    .                       2179    IN      NS      l.root-servers.net.
    .                       2179    IN      NS      m.root-servers.net.

    ;; Query time: 10 msec
    ;; SERVER: 1.1.1.1#53(1.1.1.1)
    ;; WHEN: Thu May 31 18:14:31 UTC 2018
    ;; MSG SIZE  rcvd: 431
Confirmed from India.

Are we even supposed to use the same DNS provider for both the fields? That seems like a bad idea

This issue should be resolved. It is early but appears our DDoS systems kicked in when they shouldn't.
Thanks for the update. Did this affect all of your public resolvers or only 1.1.1.1?
It only affected 1.1.1.1 and 1.0.0.1 over UDP. The IPv6 pairs 2606:4700:4700::1111 and 2606:4700:4700::1001 were unaffected.
confirmed back up here (denver)
Could this be more hacking originating from China? Same thing from just a few days ago.
Confirmed in Silicon Valley, seems to be working now though.
Confirmed in The Netherlands.

Was concerned it was another hijack, but a hijack would probably try to act like a dns...

funny that no one links to the cloudflare status page: https://www.cloudflarestatus.com/
Thanks for posting, I had checked originally, but didn't see that update, probably too early.
Is it ironic that the status page requires DNS to access?
How to check if you're having trouble from your specific location:

-- Windows --

Cloudflare DNS:

  nslookup www.google.com 1.1.1.1
Google DNS:

  nslookup www.google.com 8.8.8.8
-- Linux --

Cloudflare DNS:

  dig @1.1.1.1 www.google.com
Google DNS:

  dig @8.8.8.8 www.google.com
Using dig on windows 7 it seems to be up.
It made my router lockup for some reason, even changing DNS locally on PC seemed to give some routing issues. Router reboot seemed to sort out.