Cloudflare 1.1.1.1 public DNS broken w/ Xerox Phaser MFP

Daniel Dent nanog-list at contactdaniel.net
Tue Apr 3 20:39:24 UTC 2018


On a Xerox Phaser 3635MFP printer running the latest firmware, when 
attempting to configure it to use 1.1.1.1 for DNS, it throws the 
following error: "The following Alternate DNS Server 1 addresses are not 
permitted: 1.1.1.1 and 255.255.255.255".

I suspect this was intended to prevent people from putting in an 
"invalid" placeholder, but the assumption that 1.1.1.1 would never be an 
actual DNS server that somebody might actually wish to use appears to 
have been unwise.

Daniel Dent

https://www.danieldent.com

On 2018-04-02 12:32 PM, Marty Strong via NANOG wrote:
> Do you have one?
>
> Do you know what is causing it to fail? i.e. IP on internal interface etc.
>
> Regards,
> Marty Strong
> --------------------------------------
> Cloudflare - AS13335
> Network Engineer
> marty at cloudflare.com
> +44 7584 906 055
> smartflare (Skype)
>
> https://www.peeringdb.com/asn/13335
>
>> On 2 Apr 2018, at 19:24, Rubens Kuhl <rubensk at gmail.com> wrote:
>>
>> D-Link DMG-6661 as well.
>>
>>
>> Rubens
>>
>>
>> On Mon, Apr 2, 2018 at 12:26 PM, Marty Strong via NANOG <nanog at nanog.org> wrote:
>> So far we know about a few CPEs which answer for 1.1.1.1 themselves:
>>
>> - Pace 5268
>> - Calix GigaCenter
>> - Various Cisco Wifi access points
>>
>> If you know of others please send them my way so we can investigate.
>>
>> Regards,
>> Marty Strong
>> --------------------------------------
>> Cloudflare - AS13335
>> Network Engineer
>> marty at cloudflare.com
>> +44 7584 906 055
>> smartflare (Skype)
>>
>> https://www.peeringdb.com/asn/13335
>>
>>> On 2 Apr 2018, at 16:16, Jason Kuehl <jason.w.kuehl at gmail.com> wrote:
>>>
>>> Just like "S3 dependency check day" Thus begins "National 1.1.1.1 change
>>> week" I've already around a few peaces of equipment sets with 1.1.1.1
>>>
>>> On Mon, Apr 2, 2018 at 11:05 AM, Matt Hoppes <
>>> mattlists at rivervalleyinternet.net> wrote:
>>>
>>>> Seeing as how 1.1.1.1 isn’t suppose to be routed I’m not surprised this is
>>>> causing odd issues.
>>>>
>>>>> On Apr 2, 2018, at 11:03, Darin Steffl <darin.steffl at mnwifi.com> wrote:
>>>>>
>>>>> I am behind a Calix router at home for my ISP and 1.1.1.1 goes to my
>>>> router
>>>>> and not any further. When I enter the IP into my browser, it opens the
>>>>> login page for my router. So it appears 1.1.1.1 is used as a loopback in
>>>> my
>>>>> Calix router.
>>>>>
>>>>> 1.0.0.1 goes to the proper place fine.
>>>>>
>>>>> On Sun, Apr 1, 2018 at 3:59 PM, Jeremy L. Gaddis <lists-nanog at gadd.is>
>>>>> wrote:
>>>>>
>>>>>> Greetings,
>>>>>>
>>>>>> If anyone at 7018 wants to pass a message along to the correct folks,
>>>>>> please let them know that Cloudflare's new public DNS service (1.1.1.1)
>>>>>> is completely unusable for at least some of AT&T's customers.
>>>>>>
>>>>>> There is apparently a bug with some CPE (including the 5268AC). From
>>>>>> behind such CPE, the services at 1.1.1.1 are completely unreachable,
>>>>>> whether via (ICMP) ping, DNS, or HTTPS.
>>>>>>
>>>>>> Using the 5268AC's web-based diagnostic tools, pinging 1.1.1.1 returns
>>>>>> the following results:
>>>>>>
>>>>>> ping successful: icmp seq:0, time=2.364 ms
>>>>>> ping successful: icmp seq:1, time=1.085 ms
>>>>>> ping successful: icmp seq:2, time=1.160 ms
>>>>>> ping successful: icmp seq:3, time=1.245 ms
>>>>>> ping successful: icmp seq:4, time=0.739 ms
>>>>>>
>>>>>> RTTs to the CPE's default gateway are, at minimum, ~20 ms.
>>>>>>
>>>>>> A traceroute (using the same web-based diagnostic tool built-in to the
>>>>>> CPE) reports, simply:
>>>>>>
>>>>>> traceroute 1.1.1.1 with: 64 bytes of data
>>>>>>
>>>>>> 1: 1.1.1.1(1dot1dot1dot1.cloudflare-dns.com), time=0 ms
>>>>>>
>>>>>> I haven't bothered to report this to AT&T through the standard customer
>>>>>> support channels (for reasons that should be obvious to anyone who has
>>>>>> ever called AT&T's consumer/residential technical support) but if anyone
>>>>>> at AT&T wants to pass the info along to the appropriate group, it would
>>>>>> certainly be appreciated.
>>>>>>
>>>>>> Thanks,
>>>>>> -Jeremy
>>>>>>
>>>>>> --
>>>>>> Jeremy L. Gaddis
>>>>>>
>>>>>>
>>>>>> "The total budget at all receivers for solving senders' problems is
>>>>>> $0. If you want them to accept your mail and manage it the way you
>>>>>> want, send it the way the spec says to."  --John Levine
>>>>>>
>>>>>>
>>>>>
>>>>> --
>>>>> Darin Steffl
>>>>> Minnesota WiFi
>>>>> www.mnwifi.com
>>>>> 507-634-WiFi
>>>>> <http://www.facebook.com/minnesotawifi> Like us on Facebook
>>>>> <http://www.facebook.com/minnesotawifi>
>>>
>>>
>>> --
>>> Sincerely,
>>>
>>> Jason W Kuehl
>>> Cell 920-419-8983
>>> jason.w.kuehl at gmail.com
>>



More information about the NANOG mailing list