1.1.1.1 support?

Alexander Huynh nanog at e.sc
Wed Mar 22 13:49:14 UTC 2023 

On 2023-03-22 10:36:03 +0200, Saku Ytti wrote:
>Am I correct to understand that 1.1.1.1 only does support via community forum?

The community forum is our preferred method of support, yes.

>Why not build a web form where they ask you to explain what is not
>working, in terms of automatically testable. Like no A record for X.
>Then after you submit this form, they test against all 1.1.1.1 and
>some 9.9.9.9 and 8.8.8.8 and if they find a difference in behaviour,
>the ticket is accepted and sent to someone who understands DNS? If
>there is no difference in behaviour, direct people to community
>forums.

I'll take this feedback to our developers.

>https://community.cloudflare.com/t/1-1-1-1-wont-resolve-www-moi-gov-cy-in-lca-235m3/487469
>https://community.cloudflare.com/t/1-1-1-1-failing-to-resolve/474228

I took a look at the above tickets, and it seems that one of the egress 
ranges from that datacenter cannot connect to the authoritative 
nameservers of `www.moi.gov.cy`: `ns01.gov.cy` and `ns02.gov.cy`.

Here's a redacted pcap for those who like details, showing no response:

     IP a.b.c.d.56552 > 212.31.118.19.53: 51873+ [1au] A? www.moi.gov.cy. (55)
     IP a.b.c.d.51718 > 212.31.118.20.53: 31021+ [1au] A? www.moi.gov.cy. (55)

TCP behaves similarly.

The source prefixes having issues connecting to 212.31.118.19 and 
212.31.118.20 are: 172.68.130.0/24, while a neighbouring source prefix 
172.68.171.0/24 seems to connect fine.

I'm filing an internal ticket right now to investigate, but I'd 
appreciate if you could also help us on your end for any possible 
solutions regarding this connectivity failure.

As a general note regarding the two community posts: the straight deep 
dive into technical information makes it more difficult for others to 
interpret the request. As you said in a later post here:

>I know almost none of them will have the ability to understand why 
>there is a problem or remediate it.

Not everyone in the Community Forum (nor our company) can pull out the 
specific datacenter used, the specific machine(s) used, and the source 
ASN from the `my.ip.fi` curl.

An preamble will greatly help in context.

Thanks for reaching out and sorry that you had to escalate to another 
medium,
-- 
alex [at] e [dot] sc
alexander [at] cloudflare [dot] com

More information about the NANOG mailing list