A more than one-hour outage of the popular 1.1.1.1 service left millions of users without connectivity. The lesson: diversifying DNS servers is essential to ensure continuous Internet access.
On Monday, July 14, 2025, Cloudflare—one of the most popular providers of free, low-latency DNS services—experienced a global outage of its 1.1.1.1 service that lasted 62 minutes. During that period, millions of users worldwide saw their Internet browsing come to a complete halt. The failure, publicly acknowledged the next day by the company itself, originated from a misconfiguration within their internal systems that affected how their resolver IP addresses are advertised to the rest of the Internet.
The outage was not caused by a cyberattack or BGP hijacking, but by human error introduced weeks earlier, which remained inactive until a global configuration update disabled access to the IP addresses used by the 1.1.1.1 DNS service. This led to a massive withdrawal of IP prefixes in Cloudflare’s data centers, causing most DNS queries to go unanswered.
When your only DNS fails, the Internet fails
During the incident, anyone configured to use only 1.1.1.1 and 1.0.0.1 as their DNS servers saw all Internet connections stop working, including web browsing, messaging, apps, and cloud services. Many users spent time rebooting routers and devices without suspecting that the problem was at the name resolution layer.
This highlights a common and risky practice: configuring both the primary and the secondary DNS server from the same provider. If both rely on shared infrastructure—as with Cloudflare or Google—a technical outage can affect both simultaneously.
The solution: use DNS from different providers
To increase resilience against such failures, experts recommend mixing DNS providers: configure a primary DNS server from one provider and a secondary from another. This way, if one experiences an outage, the other can continue resolving names and maintaining connectivity.
For example:
Provider | Primary DNS | Secondary DNS |
---|---|---|
Cloudflare | 1.1.1.1 | 1.0.0.1 |
Google | 8.8.8.8 | 8.8.4.4 |
Quad9 (IBM) | 9.9.9.9 | 149.112.112.112 |
DNS4EU (EU) | 194.242.2.2 | 2a0d:2a00:1::2 |
Yandex | 77.88.8.8 | 77.88.8.1 |
OpenDNS (Cisco) | 208.67.222.222 | 208.67.220.220 |
A robust setup might use 1.1.1.1 (Cloudflare) as primary and 8.8.8.8 (Google) as secondary. Even if one provider experiences an outage, the other will still resolve names and keep your connection active.
⚠️ Keep in mind, this strategy is not recommended if you’re using DNS services with content filtering (such as ad blocking or parental controls), as filtering behavior may vary between providers.
How does Windows manage DNS queries?
According to Microsoft’s documentation, the OS first queries the primary DNS server. If there’s no response within one second, it moves to the secondary. If that also doesn’t respond, it retries. After multiple failed attempts, the request is marked as failed.
This means that even a brief outage of the primary DNS can cause slowdowns or interruptions if the secondary is also from the same provider and experiencing issues. This underscores the importance of diversification.
The technical background of Cloudflare’s outage
The incident, detailed in Cloudflare’s official analysis, was caused by a misconfiguration introduced on June 6 in a pre-production data localization service of their platform. When activated weeks later, this misconfiguration disconnected the global network from the 1.1.1.1 resolver, removing BGP advertisements in all their production data centers.
As a result, the IP addresses used by millions of users were no longer visible in the global Internet routing table. Although the issue was quickly resolved (within 62 minutes), the DNS resolution loss had immediate and visible effects.
Interestingly, during the outage, an unauthorized advertisement of the 1.1.1.0/24 network was detected from Tata Communications (AS4755). While this was not the cause of the problem, it became noticeable due to the withdrawal of legitimate prefixes.
Lessons learned for users and administrators
- Never rely on both DNS servers from the same provider without an alternative.
- Keep a list of reliable, updated public DNS options. You can see some at DNSgratis.com.
- Consider the implications if you’re using content filtering, as combining services may neutralize the filtering.
- For network or server administrators, consider implementing redundant DNS at the system, router, and firewall levels, with active monitoring.
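An added example (not part of the original article, and not Cloudflare or Microsoft tooling): a small Python audit that reads resolv.conf-style text and flags the single-provider setup described above, using the provider table from this article. The function names and status labels are assumptions made for the illustration.

```python
import ipaddress

# Provider/address pairs exactly as listed in this article's table.
PROVIDERS = {
    "Cloudflare": ["1.1.1.1", "1.0.0.1"],
    "Google": ["8.8.8.8", "8.8.4.4"],
    "Quad9": ["9.9.9.9", "149.112.112.112"],
    "DNS4EU": ["194.242.2.2", "2a0d:2a00:1::2"],
    "Yandex": ["77.88.8.8", "77.88.8.1"],
    "OpenDNS": ["208.67.222.222", "208.67.220.220"],
}
# Parsed addresses as keys, so differently written IPv6 forms still match.
ADDR_TO_PROVIDER = {
    ipaddress.ip_address(a): name for name, addrs in PROVIDERS.items() for a in addrs
}


def parse_nameservers(resolv_conf_text):
    """Return nameserver addresses from resolv.conf-style text, in file order."""
    servers = []
    for line in resolv_conf_text.splitlines():
        parts = line.strip().split()
        if len(parts) < 2 or parts[0] != "nameserver":
            continue  # comments (# or ;), options, search lines, blanks
        try:
            # Drop an IPv6 zone id such as %eth0 before parsing.
            servers.append(ipaddress.ip_address(parts[1].split("%", 1)[0]))
        except ValueError:
            continue  # malformed address, skip it
    return servers


def audit_resolvers(resolv_conf_text):
    """Classify a resolver list by how many distinct known providers it uses."""
    servers = parse_nameservers(resolv_conf_text)
    labels = [ADDR_TO_PROVIDER.get(s, "unknown") for s in servers]
    known = {label for label in labels if label != "unknown"}
    if not servers:
        status = "no-resolvers"
    elif len(known) >= 2:
        status = "diversified"
    elif "unknown" in labels:
        # Router, local forwarder or unlisted resolver: upstream cannot be judged here.
        status = "unverified"
    else:
        status = "single-provider"
    return {"status": status, "providers": labels}


# Constructed sample: both resolvers from the provider affected by the outage.
SAMPLE = "# constructed example\nnameserver 1.1.1.1\nnameserver 1.0.0.1\n"
```

An "unverified" result means a resolver such as a home router is in the list, so the check has to be repeated against that device's upstream DNS settings.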
This event emphasizes how a single DNS resolution point can take even advanced users offline. Although Cloudflare responded transparently and quickly, their global incident underscores the importance of good practices in configuring Internet access.