If no ServerAddresses are provided, the hostname will be used to determine the server addresses. This key must be present only if the DNSProtocol is TLS.
The ServerName string used is cloudflare-dns.com which is in the X509v3 Subject Alternative Name of the certificate, but resolves to web servers for Cloudflare's DNS. The ServerName should probably be one.one.one.one which resolves to the actual DNS servers.
https://developer.apple.com/documentation/devicemanagement/dnssettings/dnssettings
If no
ServerAddresses
are provided, the hostname will be used to determine the server addresses. This key must be present only if the DNSProtocol is TLS.The
ServerName
string used iscloudflare-dns.com
which is in the X509v3 Subject Alternative Name of the certificate, but resolves to web servers for Cloudflare's DNS. TheServerName
should probably beone.one.one.one
which resolves to the actual DNS servers.