Rapid Prototyping Of Developer Tooling Using An Ai Coding Assistant To Compare Resolver Behaviors

Issue 81 Edition 2026-03-22 4 min read

Not accepted General

Sources: 1 • Confidence: Medium • Updated: 2026-04-13 03:52

Key takeaways

Cloudflare's 1.1.1.1 DNS resolver provides a CORS-enabled JSON API.
Cloudflare's 1.1.1.2 resolver is positioned as blocking malware.
Cloudflare's 1.1.1.3 resolver is positioned as blocking both malware and adult content.
The author used Claude Code to build a UI that runs DNS queries against Cloudflare's 1.1.1.1, 1.1.1.2, and 1.1.1.3 resolvers.

Cloudflare's 1.1.1.1 DNS resolver provides a CORS-enabled JSON API.
Cloudflare's 1.1.1.2 resolver is positioned as blocking malware.
Cloudflare's 1.1.1.3 resolver is positioned as blocking both malware and adult content.
The author used Claude Code to build a UI that runs DNS queries against Cloudflare's 1.1.1.1, 1.1.1.2, and 1.1.1.3 resolvers.

Cloudflare's 1.1.1.2 resolver is positioned as blocking malware.
Cloudflare's 1.1.1.3 resolver is positioned as blocking both malware and adult content.

What are the exact 1.1.1.1 JSON API endpoint(s), request/response schema, and the specific CORS headers returned under real browser conditions?
What rate limits, acceptable use constraints, or pricing/quotas (if any) apply to the CORS-enabled JSON API usage from browsers?
How do 1.1.1.2 and 1.1.1.3 represent blocking in practice (e.g., NXDOMAIN vs synthetic IP vs other response), and what is the consistency across domain categories?
What are the false-positive and false-negative characteristics of the malware and adult-content blocking behavior for the resolver variants?
Is the reported UI publicly available, and if so, what implementation approach does it use (direct DoH JSON calls, caching, concurrency, error handling) to ensure correctness?

CORS-enabled DNS-over-HTTPS JSON access could lower friction for browser-based diagnostics, potentially increasing developer usage of Cloudflare resolver tooling patterns.
Multiple resolver variants positioned around malware and adult-content filtering suggest DNS-layer policy selection as a simple control surface, which could raise interest in Cloudflare security-oriented DNS services.
AI-assisted rapid prototyping of a resolver-comparison UI hints that lightweight client-side tools could emerge that test and validate DNS filtering behavior across policies.

Clear documentation and stable, browser-usable CORS headers for the 1.1.1.1 JSON API, including disclosed rate limits or acceptable use terms that support client-side tooling.
Consistent and measurable blocking behavior for 1.1.1.2 and 1.1.1.3 across categories, with transparent response semantics that developers can reliably detect in UIs.
Public availability or reproducible examples of the reported UI approach demonstrating direct DoH JSON calls in-browser with robust handling of caching, concurrency, and errors.

CORS behavior is inconsistent in real browsers or restricted, requiring a backend proxy for DoH JSON queries, reducing the claimed simplicity of client-side diagnostics.
Rate limits, quotas, or usage constraints make browser-based high-frequency diagnostics impractical for typical developer tooling use cases.
Filtering outcomes for 1.1.1.2 and 1.1.1.3 are inconsistent or hard to interpret, limiting the usefulness of resolver selection as a low-touch policy control.