Cloudflare’s 1.1.1.1 DNS Suffers Global Outage Due to Internal Configuration Error

The 1.1.1.1 public DNS service operated by Cloudflare—second in global usage only to Google’s 8.8.8.8—experienced a large-scale worldwide outage on July 14, 2025. The disruption left vast numbers of users unable to access websites or utilize various online services.

The sheer scale of the incident sparked widespread speculation across social media. Some users hypothesized a cyberattack on Cloudflare, while others suspected the more severe possibility of a BGP hijack.

BGP hijacking refers to a malicious rerouting of internet traffic, where an attacker falsely announces ownership of IP address blocks (known as prefixes) they do not control, thereby redirecting data. It’s akin to altering highway signs to mislead drivers toward the wrong exit. Executing such an attack typically requires a high level of technical sophistication—or internal collusion within a telecom operator—and its potential impact on global internet routing is profound. As such, BGP hijacking is considered a critical security threat.

In response to the rampant online speculation, Cloudflare issued a statement clarifying the cause of the outage. According to the company, the incident was not the result of a cyberattack or BGP hijack but rather stemmed from an internal configuration error.

Specifically, on June 6, 2025, Cloudflare made configuration changes to its DLS (Data Location Service) suite. An error in this update inadvertently routed the IP prefix of the 1.1.1.1 resolver to a non-production DLS environment. On July 14 at 21:48 UTC, a newly deployed update added a test location to this non-production environment, unintentionally causing 1.1.1.1 traffic to be redirected away from production data centers to an offline testing site. This misconfiguration resulted in a global outage of the 1.1.1.1 service.

Just four minutes after the misrouting occurred, a sharp decline in DNS resolution traffic was observed. Roughly thirty minutes later, Cloudflare re-announced the previously withdrawn BGP prefixes, restoring normal routing. Within an hour of the initial disruption, the 1.1.1.1 service had resumed normal operations across all regions.

It is important to note that the outage affected the entirety of Cloudflare’s 1.1.1.1 service, not just the singular IP address. As a result, addresses including 1.0.0.1, 2606:4700:4700::1111, and 2606:4700:4700::1001 were also impacted. Interestingly, the 1.1.1.1 DNS-over-HTTPS (DoH) service remained largely unaffected, as it operates under a different routing model via cloudflare-dns.com.

Related Posts:

• Telegram traffic was hijacked
• ARTEMIS: Real-Time Detection and Automatic Mitigation for Border Gateway Protocol (BGP) Prefix Hijacking
• Cloudflare’s 1.1.1.1 DNS Service Disrupted by BGP Hijacking and Route Leak
• Cisco Alerts on Public Disclosure of CVE-2025-20115 – BGP Flaw Puts Networks at Risk
• Double Trouble: DDoS and Internal Errors Cause Major Microsoft Azure Outage