Cloudflare 1.1.1.1 public DNS broken w/ AT&T CPE

Rubens Kuhl rubensk at gmail.com
Mon Apr 2 18:24:28 UTC 2018


D-Link DMG-6661 as well.


Rubens


On Mon, Apr 2, 2018 at 12:26 PM, Marty Strong via NANOG <nanog at nanog.org>
wrote:

> So far we know about a few CPEs which answer for 1.1.1.1 themselves:
>
> - Pace 5268
> - Calix GigaCenter
> - Various Cisco Wifi access points
>
> If you know of others please send them my way so we can investigate.
>
> Regards,
> Marty Strong
> --------------------------------------
> Cloudflare - AS13335
> Network Engineer
> marty at cloudflare.com
> +44 7584 906 055
> smartflare (Skype)
>
> https://www.peeringdb.com/asn/13335
>
> > On 2 Apr 2018, at 16:16, Jason Kuehl <jason.w.kuehl at gmail.com> wrote:
> >
> > Just like "S3 dependency check day" Thus begins "National 1.1.1.1 change
> > week" I've already around a few peaces of equipment sets with 1.1.1.1
> >
> > On Mon, Apr 2, 2018 at 11:05 AM, Matt Hoppes <
> > mattlists at rivervalleyinternet.net> wrote:
> >
> >> Seeing as how 1.1.1.1 isn’t suppose to be routed I’m not surprised this
> is
> >> causing odd issues.
> >>
> >>> On Apr 2, 2018, at 11:03, Darin Steffl <darin.steffl at mnwifi.com>
> wrote:
> >>>
> >>> I am behind a Calix router at home for my ISP and 1.1.1.1 goes to my
> >> router
> >>> and not any further. When I enter the IP into my browser, it opens the
> >>> login page for my router. So it appears 1.1.1.1 is used as a loopback
> in
> >> my
> >>> Calix router.
> >>>
> >>> 1.0.0.1 goes to the proper place fine.
> >>>
> >>> On Sun, Apr 1, 2018 at 3:59 PM, Jeremy L. Gaddis <lists-nanog at gadd.is>
> >>> wrote:
> >>>
> >>>> Greetings,
> >>>>
> >>>> If anyone at 7018 wants to pass a message along to the correct folks,
> >>>> please let them know that Cloudflare's new public DNS service
> (1.1.1.1)
> >>>> is completely unusable for at least some of AT&T's customers.
> >>>>
> >>>> There is apparently a bug with some CPE (including the 5268AC). From
> >>>> behind such CPE, the services at 1.1.1.1 are completely unreachable,
> >>>> whether via (ICMP) ping, DNS, or HTTPS.
> >>>>
> >>>> Using the 5268AC's web-based diagnostic tools, pinging 1.1.1.1 returns
> >>>> the following results:
> >>>>
> >>>> ping successful: icmp seq:0, time=2.364 ms
> >>>> ping successful: icmp seq:1, time=1.085 ms
> >>>> ping successful: icmp seq:2, time=1.160 ms
> >>>> ping successful: icmp seq:3, time=1.245 ms
> >>>> ping successful: icmp seq:4, time=0.739 ms
> >>>>
> >>>> RTTs to the CPE's default gateway are, at minimum, ~20 ms.
> >>>>
> >>>> A traceroute (using the same web-based diagnostic tool built-in to the
> >>>> CPE) reports, simply:
> >>>>
> >>>> traceroute 1.1.1.1 with: 64 bytes of data
> >>>>
> >>>> 1: 1.1.1.1(1dot1dot1dot1.cloudflare-dns.com), time=0 ms
> >>>>
> >>>> I haven't bothered to report this to AT&T through the standard
> customer
> >>>> support channels (for reasons that should be obvious to anyone who has
> >>>> ever called AT&T's consumer/residential technical support) but if
> anyone
> >>>> at AT&T wants to pass the info along to the appropriate group, it
> would
> >>>> certainly be appreciated.
> >>>>
> >>>> Thanks,
> >>>> -Jeremy
> >>>>
> >>>> --
> >>>> Jeremy L. Gaddis
> >>>>
> >>>>
> >>>> "The total budget at all receivers for solving senders' problems is
> >>>> $0. If you want them to accept your mail and manage it the way you
> >>>> want, send it the way the spec says to."  --John Levine
> >>>>
> >>>>
> >>>
> >>>
> >>> --
> >>> Darin Steffl
> >>> Minnesota WiFi
> >>> www.mnwifi.com
> >>> 507-634-WiFi
> >>> <http://www.facebook.com/minnesotawifi> Like us on Facebook
> >>> <http://www.facebook.com/minnesotawifi>
> >>
> >
> >
> >
> > --
> > Sincerely,
> >
> > Jason W Kuehl
> > Cell 920-419-8983
> > jason.w.kuehl at gmail.com
>
>


More information about the NANOG mailing list