Frequently Asked Questions

General

What is 1.1.1.1?

When you request to visit an application like cloudflare.com, your computer needs to know which server to connect you to so that it can load the application. Computers don’t know how to do this name to address translation, so they ask a specialized server to do it for them.

This specialized server is called a DNS recursive resolver. The resolver’s job is to find the address for a given name, like 2400:cb00:2048:1::c629:d7a2 for cloudflare.com, and return it to the computer that asked for it.

Computers are configured to talk to specific DNS resolvers, identified by IP address. Usually, the configuration is managed by your ISP (like Comcast or AT&T) if you’re on your home or wireless internet, and by your network administrator if you’re connected to the office internet. You can also change the configured DNS resolver your computer talks to yourself.

What do DNS resolvers do?

How do resolvers know how to find the address of a domain name? They work backwards from the top.

Every resolver knows how to find the invisible ‘.’ at the end of domain names (e.g. cloudflare.com.). There are hundreds of servers all over the world that host the ‘.’ file. Cloudflare itself hosts that file on all of its servers around the world through a partnership with ISC. Resolvers are hard coded to know the IP addresses of those servers.

The resolver asks one of the root servers where to find the next link in the chain, the TLD or domain ending. An example of a TLD is .com or .org. Luckily the root servers store the locations of all the TLD servers, so they can return which IP address the DNS resolver should go ask next.

The resolver then asks the TLD’s servers where it can find the domain it is looking for, for example, a resolver might ask .com where to find cloudflare.com. TLD’s host a file containing the location of every domain using the TLD. Once the resolver has the final IP address, it returns the answer to the computer that asked.

This whole system - with the servers that host the information (they are called authoritative DNS) and the servers that seek the information (the DNS resolvers) is called the Domain Name System (DNS). DNS is like Google Maps for the internet. It translates the name of places to addresses so that you can figure out how to get there.

Does 1.1.1.1 have IPv6 support?

Yes, 1.1.1.1 has full IPv6 support.

How can I clear 1.1.1.1’s DNS cache?

You can refresh 1.1.1.1’s DNS cache for domain names by using the purge cache tool. You have to enter the domain name, pick the DNS record type (or types) and hit the ‘Purge Cache’ button.

Does 1.1.1.1 work inside China?

Not really. You can configure your DNS to point towards 1.1.1.1 but it will not reach one of our data centers inside China. Instead, the request will route to one of our data centers outside of Mainland China.

Where can I find 1.1.1.1’s developer docs?

Here.

Mobile App

How does the mobile app work?

The app runs a local resolver inside your mobile phone that asks all the other apps to send their DNS requests to the address of this resolver. Once these DNS requests reach the local resolver, it encrypts them and sends them to 1.1.1.1.

Is the 1.1.1.1 app a VPN?

No. A VPN app typically proxies all of your network traffic. The 1.1.1.1 app only overrides and secures your mobile phone’s DNS traffic.

What are DNS logs?

The DNS logs on iOS contain all the DNS queries that your phone makes. Your apps and mobile browser usually generate these DNS queries.

What are the console logs for?

The console logs are there to help Cloudflare debug your connection.

How can I suggest an improvement?

We read all of your suggestions. You can shake the phone while in the app and send your suggestions for improvements. Alternatively, you can go to the app menu and tap on ‘Help’ to send your feedback.

What is the difference between using DNS over TLS and DNS over HTTPS?

Both DNS over TLS and DNS over HTTPS encrypt plain DNS queries from the phone.

DNS over HTTPS uses port 443 and DNS over TLS uses port 853. In some networks, one of these ports might be blocked. If port 443 is blocked you should use DNS over TLS. If port 853 is blocked, you should use DNS over HTTPS. In some cases, DNS over TLS may be faster than DNS over HTTPS or the other way around.

How can I send a bug report?

You can shake the app and send a bug report. When you do that, the app attaches a screenshot and the console logs along with the bug report. The console log helps us debug your connection and improve your overall app experience.

My internet stopped working when I was using the 1.1.1.1 app. What should I do?

If this happens, try turning the app off and on again by using the toggle from the app home page. If the issue persists, please disable the app and send us a bug report.

The 1.1.1.1 app is stuck in ‘CONNECTING’ or ‘REASSERTING’. What should I do?

This may happen if your network connection is temporarily disrupted or if your data connection is blocking 1.1.1.1 connections:

  • Disable the app using the toggle on the app home page.
  • Open the iOS Settings app and navigate to Settings > General > Reset.
  • Tap on Reset Network Settings.
  • Reboot your device; make sure your Wifi is connected.
  • Try connecting the app again.

If this does not allow the connection, disable the 1.1.1.1 app and send us a bug report.

I cannot click OK on the VPN installation dialog. What should I do?

If you cannot click on the OK button, there might be another application on top of the dialog. Some known apps that can cause this problem are Lux Brightness, Night Mode, Twilight, FileManager etc. To avoid this problem, close or uninstall all apps that might cause this problem.

I kept the app enabled but I noticed it turned off after a while. What happened?

Your phone is trying to manage the battery by disabling the app. For example, most Huawei devices are known for their aggressive memory and power management.

You can fix this by following the steps below:

  • Go to the ‘Settings’ on your phone.
  • Select ‘Advanced’
  • Visit ‘Battery Manager’
  • Open ‘Protected Apps’
  • You can select “Allow apps to keep running after the screen is turned off” for the 1.1.1.1 app.

Why is there a persistent notification for the 1.1.1.1 app?

If you are using Android 8 or above, you will see a persistent notification from the 1.1.1.1 app saying “Your DNS queries are private and faster”.

This is required by the Android OS (8.0+) for all apps with background activity.

We set the priority of the notification to be “Low” so that it does not interfere with other important notifications on your phone.

Here is one thing you can do to hide the notification. Note that this will stop you from receiving other notifications from the 1.1.1.1 app. But here you go:

  1. Go to your Settings.
  2. Apps & Notifications.
  3. Open the 1.1.1.1 app setting from the list of apps.
  4. Tap on “Notifications” and disable it.

I disabled notification for the 1.1.1.1 app but now I am seeing another notification saying “1.1.1.1 is using battery”. Should I be worried? How can I remove it?

You should not be worried. Because you disabled notification for the app the Android OS now sends another notification warning you about battery usage not because it is consuming a lot of battery but because it is running in the background (in this case, securing all of your DNS queries!).

Here is how you can remove it:

  1. Long press on the notification until it changes and shows a toggle.
  2. Tap on the toggle, making sure its greyed out.
  3. Select “Done” to disable the notification.

I cannot add the VPN profile. How can I fix it?

You are probably using another VPN that has the “Always On” settings enabled. Please disable that and enable 1.1.1.1.

You can go to that page by using the following steps:

  1. Settings
  2. Network and Internet
  3. Advanced
  4. VPN
  5. Gear button for 1.1.1.1
  6. Enable “Always On” for 1.1.1.1