diff --git a/certbot/src/acme_client.rs b/certbot/src/acme_client.rs
index f5ae739f..e8f60f43 100644
--- a/certbot/src/acme_client.rs
+++ b/certbot/src/acme_client.rs
@@ -4,7 +4,10 @@
 use anyhow::{bail, Context, Result};
 use fs_err as fs;
-use hickory_resolver::error::ResolveErrorKind;
+use hickory_resolver::{
+ config::{ResolverConfig, ResolverOpts},
+ error::ResolveErrorKind,
+};
 use instant_acme::{
 Account, AccountCredentials, AuthorizationStatus, ChallengeType, Identifier, NewAccount, NewOrder, Order, OrderStatus, Problem,
@@ -347,8 +350,9 @@ impl AcmeClient {
 sleep(delay).await;
+ debug!("Creating Google DNS resolver for verification");
 let dns_resolver =
- AsyncResolver::tokio_from_system_conf().context("failed to create dns resolver")?;
+ AsyncResolver::tokio(ResolverConfig::google(), ResolverOpts::default());
 while let Some(challenge) = unsettled_challenges.pop() {
 let expected_txt = &challenge.dns_value;
diff --git a/certbot/src/dns01_client/cloudflare.rs b/certbot/src/dns01_client/cloudflare.rs
index 408f181a..06f6d290 100644
--- a/certbot/src/dns01_client/cloudflare.rs
+++ b/certbot/src/dns01_client/cloudflare.rs
@@ -115,6 +115,7 @@ impl Dns01Api for CloudflareClient {
 let response = client
 .get(&url)
+ .query(&[("name", domain)])
 .header("Authorization", format!("Bearer {}", self.api_token))
 .send()
 .await?;
@@ -131,12 +132,7 @@ impl Dns01Api for CloudflareClient {
 let response: CloudflareResponse = response.json().await.context("failed to parse response")?;
- let records = response
- .result
- .into_iter()
- .filter(|record| record.name == domain)
- .collect();
- Ok(records)
+ Ok(response.result)
 }
 }
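Review bot: The TXT pre-check resolver is now fixed to Google public DNS in `AsyncResolver::tokio(ResolverConfig::google(), ResolverOpts::default())`, with no way to override it, so a deployment whose egress policy permits only its own resolver will fail or stall here where the system configuration previously worked. Consider reading the `ResolverConfig` from the client's settings and defaulting to Google, and have the `debug!` line name the resolver actually in use. These lookups travel as plain, unauthenticated DNS to a third party, which is tolerable only while this remains a propagation pre-check and the CA's own validation stays authoritative; a comment such as `// propagation pre-check only; the ACME server's validation is authoritative` would record that assumption. The enclosing function begins and ends outside the hunk.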
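Review bot: With the client-side `record.name == domain` filter removed, `Ok(response.result)` in the last hunk of cloudflare.rs returns whatever the API sends back, so the result is correct only if the server applies the `name` parameter added by `.query(&[("name", domain)])` in the preceding hunk as an exact match. If callers act on these records (deletion would be the risky case; the callers are not visible here), a filter that is ignored or matched more loosely would hand them unrelated records. Keeping the check as a cheap guard costs nothing: `Ok(response.result.into_iter().filter(|record| record.name == domain).collect())`. Both hunks sit inside methods of `impl Dns01Api for CloudflareClient` whose signatures are outside the diff.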