Cloudflare 1.1.1.1 public DNS broken w/ AT&T CPE

Matt Hoppes mattlists at rivervalleyinternet.net
Mon Apr 2 15:29:35 UTC 2018


“Routed briefly for passive testing” sounds to me like “black hole it because legitimate traffic shouldn’t be coming to your network from it”

> On Apr 2, 2018, at 11:23, Jason Kuehl <jason.w.kuehl at gmail.com> wrote:
> 
> Not saying you're wrong. But people did it for whatever reason.
> 
>> On Mon, Apr 2, 2018 at 11:12 AM, Justin Wilson <lists at mtin.net> wrote:
>> 
>> 1.0.0.0/8 was assigned to APNIC in 2010.  Those who used it as a
>> placeholder were doing it wrong.  It is valid IP space. It just was not
>> assigned until 2010.
>> 
>> 
>> Justin Wilson
>> j2sw at mtin.net
>> 
>> www.mtin.net
>> www.midwest-ix.com
>> 
>>> On Apr 2, 2018, at 11:05 AM, Matt Hoppes <[email protected]
>> rivervalleyinternet.net> wrote:
>>> 
>>> Seeing as how 1.1.1.1 isn’t suppose to be routed I’m not surprised this
>> is causing odd issues.
>>> 
>>>> On Apr 2, 2018, at 11:03, Darin Steffl <darin.steffl at mnwifi.com> wrote:
>>>> 
>>>> I am behind a Calix router at home for my ISP and 1.1.1.1 goes to my
>> router
>>>> and not any further. When I enter the IP into my browser, it opens the
>>>> login page for my router. So it appears 1.1.1.1 is used as a loopback
>> in my
>>>> Calix router.
>>>> 
>>>> 1.0.0.1 goes to the proper place fine.
>>>> 
>>>> On Sun, Apr 1, 2018 at 3:59 PM, Jeremy L. Gaddis <lists-nanog at gadd.is>
>>>> wrote:
>>>> 
>>>>> Greetings,
>>>>> 
>>>>> If anyone at 7018 wants to pass a message along to the correct folks,
>>>>> please let them know that Cloudflare's new public DNS service (1.1.1.1)
>>>>> is completely unusable for at least some of AT&T's customers.
>>>>> 
>>>>> There is apparently a bug with some CPE (including the 5268AC). From
>>>>> behind such CPE, the services at 1.1.1.1 are completely unreachable,
>>>>> whether via (ICMP) ping, DNS, or HTTPS.
>>>>> 
>>>>> Using the 5268AC's web-based diagnostic tools, pinging 1.1.1.1 returns
>>>>> the following results:
>>>>> 
>>>>> ping successful: icmp seq:0, time=2.364 ms
>>>>> ping successful: icmp seq:1, time=1.085 ms
>>>>> ping successful: icmp seq:2, time=1.160 ms
>>>>> ping successful: icmp seq:3, time=1.245 ms
>>>>> ping successful: icmp seq:4, time=0.739 ms
>>>>> 
>>>>> RTTs to the CPE's default gateway are, at minimum, ~20 ms.
>>>>> 
>>>>> A traceroute (using the same web-based diagnostic tool built-in to the
>>>>> CPE) reports, simply:
>>>>> 
>>>>> traceroute 1.1.1.1 with: 64 bytes of data
>>>>> 
>>>>> 1: 1.1.1.1(1dot1dot1dot1.cloudflare-dns.com), time=0 ms
>>>>> 
>>>>> I haven't bothered to report this to AT&T through the standard customer
>>>>> support channels (for reasons that should be obvious to anyone who has
>>>>> ever called AT&T's consumer/residential technical support) but if
>> anyone
>>>>> at AT&T wants to pass the info along to the appropriate group, it would
>>>>> certainly be appreciated.
>>>>> 
>>>>> Thanks,
>>>>> -Jeremy
>>>>> 
>>>>> --
>>>>> Jeremy L. Gaddis
>>>>> 
>>>>> 
>>>>> "The total budget at all receivers for solving senders' problems is
>>>>> $0. If you want them to accept your mail and manage it the way you
>>>>> want, send it the way the spec says to."  --John Levine
>>>>> 
>>>>> 
>>>> 
>>>> 
>>>> --
>>>> Darin Steffl
>>>> Minnesota WiFi
>>>> www.mnwifi.com
>>>> 507-634-WiFi
>>>> <http://www.facebook.com/minnesotawifi> Like us on Facebook
>>>> <http://www.facebook.com/minnesotawifi>
>>> 
>> 
>> 
> 
> 
> -- 
> Sincerely,
> 
> Jason W Kuehl
> Cell 920-419-8983
> jason.w.kuehl at gmail.com


More information about the NANOG mailing list