DNS query volume from AS32298
Copy linkDNS queries to 1.1.1.1
Learn more...The traffic analysis presented here is based on anonymized DNS query logs, in accordance with Cloudflare's Privacy Policy, as well as our 1.1.1.1 Public DNS Resolver privacy commitments.
DNSSEC adds a signing layer to DNS, protecting responses from tampering
Posts tagged with "1.1.1.1" from the Cloudflare blog
When a failed DNSSEC key rollover took down the .AL TLD, we deployed a Negative Trust Anchor to restore resolution. This time, though, clients didn't have to take our word for it: 1.1.1.1 returned EDE 33, a new DNS error code that signals directly in the response that DNSSEC validation was bypassed.
On May 5, 2026, DENIC published broken DNSSEC signatures for the .de TLD, making millions of domains unreachable. Here's what 1.1.1.1 saw, how serve stale cushioned the impact, and how we restored resolution.
Eight years ago, we launched 1.1.1.1 to build a faster, more private Internet. Today, we’re sharing the results of our latest independent examination. The result: our privacy protections are working exactly as promised.