What is 1.1.1.1? Cloudflare DNS Explained
Cloudflare's 1.1.1.1 is the fastest public DNS resolver, built with a privacy-first design and audited data-handling promises. Here's how it works, how it compares, and how to set it up.
Quick Answer
Cloudflare DNS (1.1.1.1) is a free public DNS resolver run by Cloudflare. It's the fastest public resolver in most benchmarks, served from data centers in 330+ cities. It's privacy-first: Cloudflare doesn't log your IP to disk and purges query logs within 24 hours, audited annually. It supports encrypted DNS (DoH/DoT) and DNSSEC. To use it, set your DNS to 1.1.1.1 with 1.0.0.1 as secondary.
What is Cloudflare DNS?
Cloudflare DNS is a public DNS resolver, a service that translates domain names (like github.com) into IP addresses. It runs on the memorable address 1.1.1.1, an alternative to your ISP's default DNS or other public resolvers like Google DNS (8.8.8.8) and Quad9 (9.9.9.9).
Cloudflare launched the service in April 2018 with two goals: make DNS as fast as possible, and protect user privacy. It runs the resolver from Cloudflare's global network of data centers in over 330 cities, so a lookup is almost always answered by a server close to you.
The 1.1.1.1 address was donated to the project by APNIC, the regional internet registry for Asia-Pacific, which studies traffic sent to it. That partnership is part of why such a clean, easy-to-remember IP became available for a public resolver.
Cloudflare DNS Addresses
| Service | IPv4 | IPv6 | Blocks |
|---|---|---|---|
| Standard (recommended) | 1.1.1.1 1.0.0.1 | 2606:4700:4700::1111 2606:4700:4700::1001 | Nothing (no filtering) |
| Malware blocking | 1.1.1.2 1.0.0.2 | 2606:4700:4700::1112 2606:4700:4700::1002 | Malware domains |
| Family (malware + adult) | 1.1.1.3 1.0.0.3 | 2606:4700:4700::1113 2606:4700:4700::1003 | Malware + adult content |
For most users, 1.1.1.1 with 1.0.0.1 as secondary is the right choice. The secondary address keeps DNS working if the primary is temporarily unreachable. Pick the 1.1.1.2 or 1.1.1.3 variants only if you want Cloudflare to filter content.
Why Use Cloudflare DNS?
Fastest public resolver
Independent monitors like DNSPerf consistently rank 1.1.1.1 as the fastest public DNS resolver worldwide. Cloudflare answers lookups from data centers in 330+ cities, so the resolver is rarely far from the user.
Privacy-first by design
Cloudflare does not write your IP address to disk and purges query logs within 24 hours. It has pledged never to sell your data or use it for ad targeting, and it commissions an annual independent audit of those claims.
Encrypted DNS support
Supports DNS over HTTPS (DoH on port 443) and DNS over TLS (DoT on port 853). These encrypt your queries so your ISP can't see which domains you look up.
DNSSEC validation
1.1.1.1 validates DNSSEC signatures, which protects you from DNS spoofing where an attacker tries to return forged IP addresses for legitimate domains.
Optional filtering tiers
If you want protection without extra software, 1.1.1.2 blocks known malware domains and 1.1.1.3 adds adult-content filtering. Both are useful for home or family networks.
Easy mobile setup
The free 1.1.1.1 app for iOS and Android turns on encrypted DNS in one tap, with an optional WARP mode that routes traffic through Cloudflare's network for added privacy.
Cloudflare vs Google DNS vs Quad9
| Cloudflare | Google DNS | Quad9 | |
|---|---|---|---|
| Address | 1.1.1.1 | 8.8.8.8 | 9.9.9.9 |
| Median speed | Fastest | Fast | Fast |
| Malware blocking | Optional (1.1.1.2) | No | Yes (default) |
| IP logging | Purged in 24h | Yes (temporary) | No |
| DNSSEC | Yes | Yes | Yes |
| DoT / DoH | Yes | Yes | Yes |
| Operator | Cloudflare (US) | Google (US) | Non-profit (Swiss) |
| Best for | Speed + privacy | Reliability + speed | Security + privacy |
All three are strong choices. Cloudflare wins on raw speed and is the default pick if you want a fast, private resolver without built-in filtering. If you want malware blocking on by default, see Quad9. You can test how each resolves your domain with DNSFly's DNS Propagation Checker, which queries servers running Cloudflare, Google, and Quad9 across 21 global locations.
How to Set Up Cloudflare DNS
Windows
Settings → Network & Internet → Change adapter options → Right-click your connection → Properties → Internet Protocol Version 4 → Use the following DNS:
Alternate: 1.0.0.1
Mac
System Settings → Network → Select your connection → Details → DNS → Add:
1.0.0.1
Android
Settings → Network & Internet → Advanced → Private DNS → Enter hostname:
Router (protects all devices)
Log into your router's admin panel → Find DNS settings (usually under WAN or Internet) → Set DNS servers to:
Secondary: 1.0.0.1
Setting it on your router covers every device on your network (phones, laptops, smart TVs, IoT devices) without changing each one individually.
After changing your DNS, flush your DNS cache so the change takes effect right away.
When Cloudflare DNS Might Not Be Right
You want malware blocking on by default
The standard 1.1.1.1 resolver does no filtering. You can switch to 1.1.1.2, but if you want security filtering as the default with broad threat intelligence, Quad9 is built around that.
You need DNS-level ad blocking
Cloudflare's public resolver does not block ads or trackers. For that, look at Pi-hole, NextDNS, or AdGuard DNS, which maintain ad and tracker blocklists.
DNSFly earns a commission if you sign up through this link, at no extra cost to you.
A CDN sends you to a distant server
Cloudflare doesn't send your subnet to authoritative servers (no EDNS Client Subnet), which protects privacy. On a few CDNs this can occasionally route you to a less optimal server. It's rare, but worth knowing if you troubleshoot latency.
Test Your DNS Configuration
After switching to 1.1.1.1, verify your DNS is working correctly by checking how your domain resolves across 21 global servers, including locations running Cloudflare, Google, and Quad9.