> Why else would they provide this service for free?

Cloudflare runs the largest authoritative DNS server for their customers. The best way to make the DNS server faster is to make users query it directly.

For Cloudflare-hosted domains, instead of:

   User → ISP's DNS resolver → ns.cloudflare.com.
you get:

   User → [ 1111 → ns.cloudflare.com. ]
where the latter two are on the same machine.

I work at Cloudflare, this is correct. runs on our existing hardware deployed around the world, it costs us very little. When you use it it improves performance for the 8 million or so sites we sit in front of, that's our actual business.

Mozilla sends people to https://mozilla.cloudflare-dns.com/dns-query.

Can you explain why this site is blocked by uMatrix?

Strange, uMatrix doesn't block that site for me. It just doesn't have any content.

