Cloudflare 1.1.1.1 public DNS broken w/ AT&T CPE

John Levine johnl at iecc.com
Mon Apr 2 15:17:47 UTC 2018


In article <20180402150821.GA24937 at cmadams.net> you write:
>Once upon a time, Matt Hoppes <mattlists at rivervalleyinternet.net> said:
>> Seeing as how 1.1.1.1 isn’t suppose to be routed
>
>[citation needed]

Look at the WHOIS info -- 1.1.1.0/24 is assigned to APNIC Research, and it says

remarks:        ++++++++++++++++++
remarks:        + Address blocks listed with this contact
remarks:        + are withheld from general use and are
remarks:        + only routed briefly for passive testing.
remarks:        +
remarks:        + If you are receiving unwanted traffic
remarks:        + it is almost certainly spoofed source
remarks:        + or hijacked address usage.

There's a comment at the top saying:

descr:          APNIC and Cloudflare DNS Resolver project
descr:          Routed globally by AS13335/Cloudflare
descr:          Research prefix for APNIC Labs

So it's routed deliberately but it sure looks like an experiment.
There's way too much equipment that treats 1.1.1.1 as magic for it to
work reliably.  Captive portals tend to use that address for the host
you contact to log out.

R's,
John


More information about the NANOG mailing list