Cloudflare 1.1.1.1 public DNS broken w/ AT&T CPE

Marty Strong marty at cloudflare.com
Mon Apr 2 15:26:13 UTC 2018


So far we know about a few CPEs which answer for 1.1.1.1 themselves:

- Pace 5268
- Calix GigaCenter
- Various Cisco Wifi access points

If you know of others please send them my way so we can investigate. 

Regards,
Marty Strong
--------------------------------------
Cloudflare - AS13335
Network Engineer
marty at cloudflare.com
+44 7584 906 055
smartflare (Skype)

https://www.peeringdb.com/asn/13335

> On 2 Apr 2018, at 16:16, Jason Kuehl <jason.w.kuehl at gmail.com> wrote:
> 
> Just like "S3 dependency check day" Thus begins "National 1.1.1.1 change
> week" I've already around a few peaces of equipment sets with 1.1.1.1
> 
> On Mon, Apr 2, 2018 at 11:05 AM, Matt Hoppes <
> mattlists at rivervalleyinternet.net> wrote:
> 
>> Seeing as how 1.1.1.1 isn’t suppose to be routed I’m not surprised this is
>> causing odd issues.
>> 
>>> On Apr 2, 2018, at 11:03, Darin Steffl <darin.steffl at mnwifi.com> wrote:
>>> 
>>> I am behind a Calix router at home for my ISP and 1.1.1.1 goes to my
>> router
>>> and not any further. When I enter the IP into my browser, it opens the
>>> login page for my router. So it appears 1.1.1.1 is used as a loopback in
>> my
>>> Calix router.
>>> 
>>> 1.0.0.1 goes to the proper place fine.
>>> 
>>> On Sun, Apr 1, 2018 at 3:59 PM, Jeremy L. Gaddis <lists-nanog at gadd.is>
>>> wrote:
>>> 
>>>> Greetings,
>>>> 
>>>> If anyone at 7018 wants to pass a message along to the correct folks,
>>>> please let them know that Cloudflare's new public DNS service (1.1.1.1)
>>>> is completely unusable for at least some of AT&T's customers.
>>>> 
>>>> There is apparently a bug with some CPE (including the 5268AC). From
>>>> behind such CPE, the services at 1.1.1.1 are completely unreachable,
>>>> whether via (ICMP) ping, DNS, or HTTPS.
>>>> 
>>>> Using the 5268AC's web-based diagnostic tools, pinging 1.1.1.1 returns
>>>> the following results:
>>>> 
>>>> ping successful: icmp seq:0, time=2.364 ms
>>>> ping successful: icmp seq:1, time=1.085 ms
>>>> ping successful: icmp seq:2, time=1.160 ms
>>>> ping successful: icmp seq:3, time=1.245 ms
>>>> ping successful: icmp seq:4, time=0.739 ms
>>>> 
>>>> RTTs to the CPE's default gateway are, at minimum, ~20 ms.
>>>> 
>>>> A traceroute (using the same web-based diagnostic tool built-in to the
>>>> CPE) reports, simply:
>>>> 
>>>> traceroute 1.1.1.1 with: 64 bytes of data
>>>> 
>>>> 1: 1.1.1.1(1dot1dot1dot1.cloudflare-dns.com), time=0 ms
>>>> 
>>>> I haven't bothered to report this to AT&T through the standard customer
>>>> support channels (for reasons that should be obvious to anyone who has
>>>> ever called AT&T's consumer/residential technical support) but if anyone
>>>> at AT&T wants to pass the info along to the appropriate group, it would
>>>> certainly be appreciated.
>>>> 
>>>> Thanks,
>>>> -Jeremy
>>>> 
>>>> --
>>>> Jeremy L. Gaddis
>>>> 
>>>> 
>>>> "The total budget at all receivers for solving senders' problems is
>>>> $0. If you want them to accept your mail and manage it the way you
>>>> want, send it the way the spec says to."  --John Levine
>>>> 
>>>> 
>>> 
>>> 
>>> --
>>> Darin Steffl
>>> Minnesota WiFi
>>> www.mnwifi.com
>>> 507-634-WiFi
>>> <http://www.facebook.com/minnesotawifi> Like us on Facebook
>>> <http://www.facebook.com/minnesotawifi>
>> 
> 
> 
> 
> -- 
> Sincerely,
> 
> Jason W Kuehl
> Cell 920-419-8983
> jason.w.kuehl at gmail.com



More information about the NANOG mailing list