
135 points Wingy | 2 comments

Cloudflare's DNS server doesn't appear to be working.

    6:03PM storm ~ % ping 1.1.1.1
    PING 1.1.1.1 (1.1.1.1) 56(84) bytes of data.
    ^C
    --- 1.1.1.1 ping statistics ---
    4 packets transmitted, 0 received, 100% packet loss, time 3103ms
gerdesj No.44566083
DNS shouldn't be tested with ICMP. Try dig or nslookup instead. ICMP echo request/reply may help to decide reachability and nothing more.

This is a reasonable test of the DNS service on 1.1.1.1:

  $ dig @1.1.1.1 www.cloudflare.com A

  ; <<>> DiG 9.20.4-3ubuntu1.1-Ubuntu <<>> @1.1.1.1 www.cloudflare.com A
  ; (1 server found)
  ;; global options: +cmd
  ;; Got answer:
  ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34112
  ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

  ;; OPT PSEUDOSECTION:
  ; EDNS: version: 0, flags:; udp: 1232
  ;; QUESTION SECTION:
  ;www.cloudflare.com.            IN      A

  ;; ANSWER SECTION:
  www.cloudflare.com.     36      IN      A       104.16.123.96
  www.cloudflare.com.     36      IN      A       104.16.124.96

  ;; Query time: 39 msec
  ;; SERVER: 1.1.1.1#53(1.1.1.1) (UDP)
  ;; WHEN: Mon Jul 14 23:32:57 BST 2025
  ;; MSG SIZE  rcvd: 79

[EDIT]:

  $ ping 1.1.1.1
  PING 1.1.1.1 (1.1.1.1) 56(84) bytes of data.
  From 141.101.70.116 icmp_seq=1 Time to live exceeded
  64 bytes from 1.1.1.1: icmp_seq=2 ttl=50 time=126 ms

So ping fails a bit (and then works - firewall) but DNS works.

The service required is DNS not ping. Test the service.

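The "test the service" point from the comment above, as an added example (not code from the thread): a minimal Python probe that sends the same kind of A query as the dig command and reports healthy only on NOERROR with at least one A record. The function names are this example's own, and `SAMPLE_REPLY` is constructed from the values in the dig output, not captured traffic.

```python
import os
import socket
import struct

def build_query(name: str, qid: int) -> bytes:
    """Encode one A/IN question with the RD flag set."""
    labels = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.rstrip(".").split("."))
    return struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0) + labels + b"\x00" + struct.pack("!HH", 1, 1)

def skip_name(msg: bytes, off: int) -> int:  # offset just past a possibly compressed name
    while msg[off] and (msg[off] & 0xC0) != 0xC0:
        off += 1 + msg[off]
    return off + (2 if msg[off] else 1)  # pointer is 2 bytes, root label is 1

def parse_a_records(msg: bytes, qid: int) -> tuple[int, list[str]]:
    """Return (rcode, IPv4 answers); raise ValueError if this is not our reply."""
    rid, flags, qd, an, _, _ = struct.unpack_from("!HHHHHH", msg)
    if rid != qid or not (flags & 0x8000):  # wrong ID, or QR bit clear
        raise ValueError("not a response to this query")
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4  # name, then QTYPE and QCLASS
    addrs = []
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
        if rtype == 1 and rdlen == 4:
            addrs.append(socket.inet_ntoa(msg[off + 10:off + 14]))
        off += 10 + rdlen
    return flags & 0x000F, addrs

def dns_service_ok(server: str, name: str, timeout: float = 2.0) -> bool:
    """True only when the resolver returns NOERROR with at least one A record."""
    qid = int.from_bytes(os.urandom(2), "big")
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((server, 53))  # kernel drops datagrams from other sources
            s.send(build_query(name, qid))
            rcode, addrs = parse_a_records(s.recv(1232), qid)
        except (OSError, ValueError, struct.error, IndexError):
            return False
    return rcode == 0 and bool(addrs)

# Constructed reply (not captured traffic) shaped like the dig answer above.
_RR = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 36, 4)
SAMPLE_REPLY = (struct.pack("!HHHHHH", 34112, 0x8180, 1, 2, 0, 0)
                + build_query("www.cloudflare.com", 0)[12:]
                + _RR + socket.inet_aton("104.16.123.96") + _RR + socket.inet_aton("104.16.124.96"))
```

`dns_service_ok("1.1.1.1", "www.cloudflare.com")` is the live check; a timeout, SERVFAIL or an empty answer all count as failure, whether or not the address answers ICMP.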
1. Calzifer No.44566279
> The service required is DNS not ping.

  ping 1.1

is short and easy to remember. Since I'm not using Cloudflare DNS, ping is actually the service I require :D
2. gerdesj No.44566340
In which case:

  $ ping 127.0.0.1

Provided you have a working IP stack, your ping service requirement is met admirably 8)

I run a lot of pfSense boxes and they (and OPNsense) have a pinger daemon to test connectivity which is really useful for multi-link routing. Bad idea for single links because you add an extra thing to fail. On a router with multiple internet links they are handy. You mostly ping known "reasonably stable" anycast addresses - they are the best option and usually end up being DNS servers - 1.1.1.1, 8.8.8.8, 8.8.4.4 etc are all good candidates.