Cloudflare 1.1.1.1 public DNS broken w/ AT&T CPE

Jeremy L. Gaddis lists-nanog at gadd.is
Sun Apr 1 20:59:52 UTC 2018


Greetings,

If anyone at 7018 wants to pass a message along to the correct folks,
please let them know that Cloudflare's new public DNS service (1.1.1.1)
is completely unusable for at least some of AT&T's customers.

There is apparently a bug with some CPE (including the 5268AC). From
behind such CPE, the services at 1.1.1.1 are completely unreachable,
whether via (ICMP) ping, DNS, or HTTPS.

Using the 5268AC's web-based diagnostic tools, pinging 1.1.1.1 returns
the following results:

  ping successful: icmp seq:0, time=2.364 ms
  ping successful: icmp seq:1, time=1.085 ms
  ping successful: icmp seq:2, time=1.160 ms
  ping successful: icmp seq:3, time=1.245 ms
  ping successful: icmp seq:4, time=0.739 ms

RTTs to the CPE's default gateway are, at minimum, ~20 ms.

A traceroute (using the same web-based diagnostic tool built-in to the
CPE) reports, simply:

  traceroute 1.1.1.1 with: 64 bytes of data

  1: 1.1.1.1(1dot1dot1dot1.cloudflare-dns.com), time=0 ms

I haven't bothered to report this to AT&T through the standard customer
support channels (for reasons that should be obvious to anyone who has
ever called AT&T's consumer/residential technical support) but if anyone
at AT&T wants to pass the info along to the appropriate group, it would
certainly be appreciated.

Thanks,
-Jeremy

-- 
Jeremy L. Gaddis


"The total budget at all receivers for solving senders' problems is
$0. If you want them to accept your mail and manage it the way you
want, send it the way the spec says to."  --John Levine



More information about the NANOG mailing list