1.0.0.1 not answering DNS queries

Hi,

I’m having the weirdest trouble with 1.0.0.1 while at the same time 1.1.1.1 works like a charm. Here’s some logs as requested:

; <<>> DiG 9.16.13 <<>> google.com @1.1.1.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59389
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;google.com.			IN	A

;; ANSWER SECTION:
google.com.		98	IN	A	172.217.169.110

;; Query time: 3 msec
;; SERVER: 1.1.1.1#53(1.1.1.1)
;; WHEN: Fri Apr 16 18:01:03 EEST 2021
;; MSG SIZE  rcvd: 55
  • dig google.com @1.0.0.1:
; <<>> DiG 9.16.13 <<>> google.com @1.0.0.1
;; global options: +cmd
;; connection timed out; no servers could be reached
  • dig +short CHAOS TXT id.server @1.1.1.1: "SOF"
  • dig +short CHAOS TXT id.server @1.0.0.1: ;; connection timed out; no servers could be reached
  • traceroute 1.1.1.1:
traceroute to 1.1.1.1 (1.1.1.1), 30 hops max, 60 byte packets
 1  _gateway (192.168.152.1)  0.265 ms  0.513 ms  0.592 ms
 2  77.76.137.1 (77.76.137.1)  2.080 ms  2.108 ms  2.043 ms
 3  mgate.m-real.net (77.76.140.211)  2.125 ms  2.161 ms  2.088 ms
 4  cloudflare.bix.bg (193.169.198.68)  3.867 ms  5.224 ms  5.295 ms
 5  one.one.one.one (1.1.1.1)  3.941 ms  3.923 ms  4.206 ms
  • traceroute 1.0.0.1:
traceroute to 1.0.0.1 (1.0.0.1), 30 hops max, 60 byte packets
 1  _gateway (192.168.152.1)  0.289 ms  1.120 ms  1.107 ms
 2  77.76.137.1 (77.76.137.1)  1.591 ms  1.574 ms  1.558 ms
 3  mgate.m-real.net (77.76.140.211)  1.610 ms  1.593 ms  1.635 ms
 4  cloudflare.bix.bg (193.169.198.68)  5.054 ms  5.459 ms  5.520 ms
 5  one.one.one.one (1.0.0.1)  4.107 ms  4.007 ms  3.801 ms
  • dig +tcp @1.1.1.1 id.server CH TXT:
; <<>> DiG 9.16.13 <<>> +tcp @1.1.1.1 id.server CH TXT
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16274
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;id.server.			CH	TXT

;; ANSWER SECTION:
id.server.		0	CH	TXT	"SOF"

;; Query time: 6 msec
;; SERVER: 1.1.1.1#53(1.1.1.1)
;; WHEN: Fri Apr 16 18:07:30 EEST 2021
;; MSG SIZE  rcvd: 43
  • dig +tcp @1.0.0.1 id.server CH TXT:
; <<>> DiG 9.16.13 <<>> +tcp @1.0.0.1 id.server CH TXT
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36004
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;id.server.			CH	TXT

;; ANSWER SECTION:
id.server.		0	CH	TXT	"SOF"

;; Query time: 3 msec
;; SERVER: 1.0.0.1#53(1.0.0.1)
;; WHEN: Fri Apr 16 18:07:37 EEST 2021
;; MSG SIZE  rcvd: 43
  • openssl s_client -connect 1.1.1.1:853:
CONNECTED(00000003)
Can't use SSL_get_servername
depth=2 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root CA
verify return:1
depth=1 C = US, O = DigiCert Inc, CN = DigiCert TLS Hybrid ECC SHA384 2020 CA1
verify return:1
depth=0 C = US, ST = California, L = San Francisco, O = "Cloudflare, Inc.", CN = cloudflare-dns.com
verify return:1
---
Certificate chain
 0 s:C = US, ST = California, L = San Francisco, O = "Cloudflare, Inc.", CN = cloudflare-dns.com
   i:C = US, O = DigiCert Inc, CN = DigiCert TLS Hybrid ECC SHA384 2020 CA1
 1 s:C = US, O = DigiCert Inc, CN = DigiCert TLS Hybrid ECC SHA384 2020 CA1
   i:C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root CA
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIFhjCCBQ2gAwIBAgIQBQdvZtEbaSJWzKzVRv/sUzAKBggqhkjOPQQDAzBWMQsw
CQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMTAwLgYDVQQDEydEaWdp
Q2VydCBUTFMgSHlicmlkIEVDQyBTSEEzODQgMjAyMCBDQTEwHhcNMjEwMTExMDAw
MDAwWhcNMjIwMTE4MjM1OTU5WjByMQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2Fs
aWZvcm5pYTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNjbzEZMBcGA1UEChMQQ2xvdWRm
bGFyZSwgSW5jLjEbMBkGA1UEAxMSY2xvdWRmbGFyZS1kbnMuY29tMFkwEwYHKoZI
zj0CAQYIKoZIzj0DAQcDQgAEF60f6DWvcNONnJ5k/UceW5cMCtEQqCYyETZmTRKZ
w+Exu/UhY3PdpcHBoPBtpMRe4cLb2vkNNIAa97ngOvLVdKOCA58wggObMB8GA1Ud
IwQYMBaAFAq8CCkXjKU5bXoOzjPHLrPt+8N6MB0GA1UdDgQWBBThtvwG+bmLBfTB
4kibArkLwbU9eTCBpgYDVR0RBIGeMIGbghJjbG91ZGZsYXJlLWRucy5jb22CFCou
Y2xvdWRmbGFyZS1kbnMuY29tgg9vbmUub25lLm9uZS5vbmWHBAEBAQGHBAEAAAGH
BKKfJAGHBKKfLgGHECYGRwBHAAAAAAAAAAAAERGHECYGRwBHAAAAAAAAAAAAEAGH
ECYGRwBHAAAAAAAAAAAAAGSHECYGRwBHAAAAAAAAAAAAZAAwDgYDVR0PAQH/BAQD
AgeAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjCBlwYDVR0fBIGPMIGM
MESgQqBAhj5odHRwOi8vY3JsMy5kaWdpY2VydC5jb20vRGlnaUNlcnRUTFNIeWJy
aWRFQ0NTSEEzODQyMDIwQ0ExLmNybDBEoEKgQIY+aHR0cDovL2NybDQuZGlnaWNl
cnQuY29tL0RpZ2lDZXJ0VExTSHlicmlkRUNDU0hBMzg0MjAyMENBMS5jcmwwSwYD
VR0gBEQwQjA2BglghkgBhv1sAQEwKTAnBggrBgEFBQcCARYbaHR0cDovL3d3dy5k
aWdpY2VydC5jb20vQ1BTMAgGBmeBDAECAjCBgwYIKwYBBQUHAQEEdzB1MCQGCCsG
AQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wTQYIKwYBBQUHMAKGQWh0
dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydFRMU0h5YnJpZEVDQ1NI
QTM4NDIwMjBDQTEuY3J0MAwGA1UdEwEB/wQCMAAwggEEBgorBgEEAdZ5AgQCBIH1
BIHyAPAAdgApeb7wnjk5IfBWc59jpXflvld9nGAK+PlNXSZcJV3HhAAAAXby6BKo
AAAEAwBHMEUCIQDRsvaM+FOVneTUUwY0ggKKCuqKp7wnHvtWHtEUZB+uZwIgJbGG
3Rsq548BxED2wxZ4q2G/9jo0/EeIEwdl9GC7NEIAdgAiRUUHWVUkVpY/oS/x922G
4CMmY63AS39dxoNcbuIPAgAAAXby6BMPAAAEAwBHMEUCIQCV3RpnSizsrJ1vi/48
/qT1PoclZYI3N51mveRdD2gkWQIgdWX+MLuAa8ziuKGIlqjoAiaOvs/4IfqthaAN
h6HW8TQwCgYIKoZIzj0EAwMDZwAwZAIwJMLPbL32rtHJ1R9KdC48PdHAPtzXG9OU
cVv+pYYWJoIBItMKbvyYtdLiueUHaXeWAjBFe2+Cpn22YsMxhdW1NV1PTISIrBoA
PQyEQNywp8ocEycVHjf5RsOu2f35uSOLfyo=
-----END CERTIFICATE-----
subject=C = US, ST = California, L = San Francisco, O = "Cloudflare, Inc.", CN = cloudflare-dns.com

issuer=C = US, O = DigiCert Inc, CN = DigiCert TLS Hybrid ECC SHA384 2020 CA1

---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: ECDSA
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 2822 bytes and written 373 bytes
Verification: OK
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 256 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
    Protocol  : TLSv1.3
    Cipher    : TLS_AES_256_GCM_SHA384
    Session-ID: 913C76A921CD44A79054FD679BF2913137D8055532136D72B1750C5B53D7A4C1
    Session-ID-ctx:
    Resumption PSK: 540BAE4F20A1A90161C29F0505A74D5518606AF093F76434CB530AEBED5DC99E7379025B0D7B85C30A9CF0D2D2DECB29
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 172800 (seconds)
    TLS session ticket:
    0000 - f1 5a c9 d6 e1 a9 48 6a-19 57 d6 76 11 53 51 3a   .Z....Hj.W.v.SQ:
    0010 - c4 6d 81 5c 72 49 76 08-d3 8b 84 dc 4c 50 62 a9   .m.\rIv.....LPb.
    0020 - ee ca 6e 07 06 26 2b 8b-e0 d2 27 43 27 c1 83 8b   ..n..&+...'C'...
    0030 - b2 41 e1 8a aa cb 3b 93-82 9f 9a d7 93 ec cf bc   .A....;.........
    0040 - 37 79 62 f6 f2 1a 2b d9-1b 4d ab 53 ab 3b 1d 72   7yb...+..M.S.;.r
    0050 - dd 68 1b 52 4c e4 79 9d-b4 0f 19 38 d3 92 d0 b3   .h.RL.y....8....
    0060 - d1 da a8 9a 2f df 41 69-a3 4a 1f 03 ae e0 32 aa   ..../.Ai.J....2.
    0070 - 27 3a 12 78 20 28 ac f7-d6 1e 14 ee da fb 11 48   ':.x (.........H
    0080 - 58 cd 18 5c a3 e8 4b 57-e3 e3 e7 0d b2 d8 56 b1   X..\..KW......V.
    0090 - bd 64 66 13 eb b0 8b 53-1e e7 b7 d1 bf 20 42 c8   .df....S..... B.
    00a0 - 00 63 5f 1a ce 87 f1 87-7f 24 bb 37 6a 6d 78 8e   .c_......$.7jmx.
    00b0 - 41 33 3e c4 c9 25 2c 6a-70 02 3c 6a 65 2c 0a ca   A3>..%,jp.<je,..

    Start Time: 1618585742
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
    Extended master secret: no
    Max Early Data: 0
---
read R BLOCK
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
    Protocol  : TLSv1.3
    Cipher    : TLS_AES_256_GCM_SHA384
    Session-ID: 4EA0346EDCB4006BAE8B68AB05CF8EB87D9E3C05F25DB0A8D193A48073890B33
    Session-ID-ctx:
    Resumption PSK: 224B5584C9F60881E343643B138112B569A18759339E8186E563CA68EEDEA8A382B5F2E6B2274589C6F9DF4C665A7A83
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 172800 (seconds)
    TLS session ticket:
    0000 - f1 5a c9 d6 e1 a9 48 6a-19 57 d6 76 11 53 51 3a   .Z....Hj.W.v.SQ:
    0010 - 7d b8 b1 85 74 2c d3 58-ee 14 91 78 0d a6 8d d1   }...t,.X...x....
    0020 - 71 77 a4 d5 ff 62 8c 9b-60 77 9e 99 56 15 2b 45   qw...b..`w..V.+E
    0030 - c9 83 ba d5 02 a8 40 84-73 56 d5 56 b7 31 02 bd   [email protected]
    0040 - ef 23 bf 6c 8a a8 b1 e7-41 42 8e 32 a7 7b ab b5   .#.l....AB.2.{..
    0050 - 34 e8 18 c9 a2 63 53 b0-dd 82 4e a1 99 3a 95 52   4....cS...N..:.R
    0060 - 2f fc ec 87 31 89 72 d0-2f 61 83 a3 4b 6c 07 be   /...1.r./a..Kl..
    0070 - cb b8 bd c0 5e 02 48 84-58 e4 d3 9b ab 96 2d 79   ....^.H.X.....-y
    0080 - 3f 42 11 40 3f e5 55 db-e4 67 47 bc e8 15 db 81   [email protected]?.U..gG.....
    0090 - 3b 9c 3a 44 e8 cd 6d 3c-4d c6 17 42 a9 10 23 be   ;.:D..m<M..B..#.
    00a0 - 25 11 53 28 f4 c9 fa 2e-2c a3 af 82 4d 98 37 4f   %.S(....,...M.7O
    00b0 - 60 4e 7a 56 9a 15 f6 5b-c6 e5 e9 9e 12 70 7f 55   `NzV...[.....p.U

    Start Time: 1618585742
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
    Extended master secret: no
    Max Early Data: 0
---
read R BLOCK
closed
  • openssl s_client -connect 1.0.0.1:853:
CONNECTED(00000003)
Can't use SSL_get_servername
depth=2 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root CA
verify return:1
depth=1 C = US, O = DigiCert Inc, CN = DigiCert TLS Hybrid ECC SHA384 2020 CA1
verify return:1
depth=0 C = US, ST = California, L = San Francisco, O = "Cloudflare, Inc.", CN = cloudflare-dns.com
verify return:1
---
Certificate chain
 0 s:C = US, ST = California, L = San Francisco, O = "Cloudflare, Inc.", CN = cloudflare-dns.com
   i:C = US, O = DigiCert Inc, CN = DigiCert TLS Hybrid ECC SHA384 2020 CA1
 1 s:C = US, O = DigiCert Inc, CN = DigiCert TLS Hybrid ECC SHA384 2020 CA1
   i:C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root CA
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIFhjCCBQ2gAwIBAgIQBQdvZtEbaSJWzKzVRv/sUzAKBggqhkjOPQQDAzBWMQsw
CQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMTAwLgYDVQQDEydEaWdp
Q2VydCBUTFMgSHlicmlkIEVDQyBTSEEzODQgMjAyMCBDQTEwHhcNMjEwMTExMDAw
MDAwWhcNMjIwMTE4MjM1OTU5WjByMQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2Fs
aWZvcm5pYTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNjbzEZMBcGA1UEChMQQ2xvdWRm
bGFyZSwgSW5jLjEbMBkGA1UEAxMSY2xvdWRmbGFyZS1kbnMuY29tMFkwEwYHKoZI
zj0CAQYIKoZIzj0DAQcDQgAEF60f6DWvcNONnJ5k/UceW5cMCtEQqCYyETZmTRKZ
w+Exu/UhY3PdpcHBoPBtpMRe4cLb2vkNNIAa97ngOvLVdKOCA58wggObMB8GA1Ud
IwQYMBaAFAq8CCkXjKU5bXoOzjPHLrPt+8N6MB0GA1UdDgQWBBThtvwG+bmLBfTB
4kibArkLwbU9eTCBpgYDVR0RBIGeMIGbghJjbG91ZGZsYXJlLWRucy5jb22CFCou
Y2xvdWRmbGFyZS1kbnMuY29tgg9vbmUub25lLm9uZS5vbmWHBAEBAQGHBAEAAAGH
BKKfJAGHBKKfLgGHECYGRwBHAAAAAAAAAAAAERGHECYGRwBHAAAAAAAAAAAAEAGH
ECYGRwBHAAAAAAAAAAAAAGSHECYGRwBHAAAAAAAAAAAAZAAwDgYDVR0PAQH/BAQD
AgeAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjCBlwYDVR0fBIGPMIGM
MESgQqBAhj5odHRwOi8vY3JsMy5kaWdpY2VydC5jb20vRGlnaUNlcnRUTFNIeWJy
aWRFQ0NTSEEzODQyMDIwQ0ExLmNybDBEoEKgQIY+aHR0cDovL2NybDQuZGlnaWNl
cnQuY29tL0RpZ2lDZXJ0VExTSHlicmlkRUNDU0hBMzg0MjAyMENBMS5jcmwwSwYD
VR0gBEQwQjA2BglghkgBhv1sAQEwKTAnBggrBgEFBQcCARYbaHR0cDovL3d3dy5k
aWdpY2VydC5jb20vQ1BTMAgGBmeBDAECAjCBgwYIKwYBBQUHAQEEdzB1MCQGCCsG
AQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wTQYIKwYBBQUHMAKGQWh0
dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydFRMU0h5YnJpZEVDQ1NI
QTM4NDIwMjBDQTEuY3J0MAwGA1UdEwEB/wQCMAAwggEEBgorBgEEAdZ5AgQCBIH1
BIHyAPAAdgApeb7wnjk5IfBWc59jpXflvld9nGAK+PlNXSZcJV3HhAAAAXby6BKo
AAAEAwBHMEUCIQDRsvaM+FOVneTUUwY0ggKKCuqKp7wnHvtWHtEUZB+uZwIgJbGG
3Rsq548BxED2wxZ4q2G/9jo0/EeIEwdl9GC7NEIAdgAiRUUHWVUkVpY/oS/x922G
4CMmY63AS39dxoNcbuIPAgAAAXby6BMPAAAEAwBHMEUCIQCV3RpnSizsrJ1vi/48
/qT1PoclZYI3N51mveRdD2gkWQIgdWX+MLuAa8ziuKGIlqjoAiaOvs/4IfqthaAN
h6HW8TQwCgYIKoZIzj0EAwMDZwAwZAIwJMLPbL32rtHJ1R9KdC48PdHAPtzXG9OU
cVv+pYYWJoIBItMKbvyYtdLiueUHaXeWAjBFe2+Cpn22YsMxhdW1NV1PTISIrBoA
PQyEQNywp8ocEycVHjf5RsOu2f35uSOLfyo=
-----END CERTIFICATE-----
subject=C = US, ST = California, L = San Francisco, O = "Cloudflare, Inc.", CN = cloudflare-dns.com

issuer=C = US, O = DigiCert Inc, CN = DigiCert TLS Hybrid ECC SHA384 2020 CA1

---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: ECDSA
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 2823 bytes and written 373 bytes
Verification: OK
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 256 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
    Protocol  : TLSv1.3
    Cipher    : TLS_AES_256_GCM_SHA384
    Session-ID: 3E9B6724DC2ADABE95BA1DB1177E1E3244419A826F8EC3DC5EF365736E9A7AEE
    Session-ID-ctx:
    Resumption PSK: F007C63111076C4D61CD769E3911189967223DC0A4FFE024254C301B5FFBAD557727CA931016C549B3BC0272D320086E
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 172800 (seconds)
    TLS session ticket:
    0000 - f1 5a c9 d6 e1 a9 48 6a-19 57 d6 76 11 53 51 3a   .Z....Hj.W.v.SQ:
    0010 - da a2 7a fb 72 dd b0 5f-80 b0 27 eb 0d 78 85 9a   ..z.r.._..'..x..
    0020 - 30 86 df 80 8e d3 f7 c8-ab 93 7a 34 36 8f 34 fa   0.........z46.4.
    0030 - 83 ed 7a 8d 06 c3 63 41-52 7f a6 0c 77 4e 91 35   ..z...cAR...wN.5
    0040 - 1b 00 94 e7 21 1f 12 72-9d 3a 55 52 22 a3 25 51   ....!..r.:UR".%Q
    0050 - 1f c6 a6 21 10 49 bc ae-21 a2 be bf 7f 71 d5 63   ...!.I..!....q.c
    0060 - 39 ce 95 f0 ee 13 4b f7-ad 46 ad c4 a2 6c 3b 3e   9.....K..F...l;>
    0070 - f0 e4 27 f6 26 82 2c a3-ce 3c 27 b1 4e ea 21 62   ..'.&.,..<'.N.!b
    0080 - d0 19 13 e5 12 42 1f e5-5c 7e 08 64 1d 38 0b 6c   .....B..\~.d.8.l
    0090 - a2 c1 0b 02 c0 d2 c8 31-72 48 cb 88 bd ea c8 1e   .......1rH......
    00a0 - b2 f0 39 cb a4 a5 89 a5-20 1b 2e 5f 95 e4 7b c8   ..9..... .._..{.
    00b0 - d8 74 bb 3d 3c ec e4 d4-ad 86 b3 bc c8 a8 b3 08   .t.=<...........

    Start Time: 1618585758
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
    Extended master secret: no
    Max Early Data: 0
---
read R BLOCK
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
    Protocol  : TLSv1.3
    Cipher    : TLS_AES_256_GCM_SHA384
    Session-ID: DA42DE036F3FC4ACFE8E50CAD0AA237D5E8FBB6FB669696B31CBC8FFDFD205F5
    Session-ID-ctx:
    Resumption PSK: DD2D0C30C9F59388FAE866056E197D8B9FA6EC35A26DA325B2ADF77EB694208EED196CEFA8C6B04CD4DDB7B2162A0A54
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 172800 (seconds)
    TLS session ticket:
    0000 - f1 5a c9 d6 e1 a9 48 6a-19 57 d6 76 11 53 51 3a   .Z....Hj.W.v.SQ:
    0010 - b0 57 92 83 d5 44 df 9b-1f 86 da 7f e0 bb df c4   .W...D..........
    0020 - f0 14 1c e5 90 0b f7 1e-45 39 71 a2 ce d5 a4 77   ........E9q....w
    0030 - 1e 2b b2 20 50 6e 18 28-88 97 0d b5 16 89 35 16   .+. Pn.(......5.
    0040 - 6a f9 12 9e 89 92 27 5b-25 3d 79 03 f4 db da c0   j.....'[%=y.....
    0050 - a7 f9 cc fe a1 77 8f 0d-24 3b b0 9f 05 2a 06 01   .....w..$;...*..
    0060 - b6 4e a2 8b 9d b0 cd 98-a7 96 83 25 8e 16 8c 7a   .N.........%...z
    0070 - b1 2f 55 89 af a5 da ab-a0 15 38 c5 08 82 ff 7e   ./U.......8....~
    0080 - 1b ec 4d 14 6a 6c 01 f9-72 fc 8d 3e 90 4e bd e2   ..M.jl..r..>.N..
    0090 - 79 7f 38 1a be 77 ea fd-10 99 36 c7 25 fd 42 67   y.8..w....6.%.Bg
    00a0 - 99 a7 b9 6a 87 e6 f5 71-5a 8a 53 90 32 a7 91 98   ...j...qZ.S.2...
    00b0 - 41 28 82 de 79 56 1f 7f-92 d5 68 68 4d 47 af 45   A(..yV....hhMG.E

    Start Time: 1618585758
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
    Extended master secret: no
    Max Early Data: 0
---
read R BLOCK
closed
  • kdig +tls @1.1.1.1 id.server CH TXT:
;; TLS session (TLS1.3)-(ECDHE-X25519)-(ECDSA-SECP256R1-SHA256)-(AES-256-GCM)
;; ->>HEADER<<- opcode: QUERY; status: NOERROR; id: 20233
;; Flags: qr rd ra; QUERY: 1; ANSWER: 1; AUTHORITY: 0; ADDITIONAL: 0

;; QUESTION SECTION:
;; id.server.          		CH	TXT

;; ANSWER SECTION:
id.server.          	0	CH	TXT	"SOF"

;; Received 43 B
;; Time 2021-04-16 18:11:35 EEST
;; From [email protected](TCP) in 6.0 ms
  • kdig +tls @1.0.0.1 id.server CH TXT:
;; TLS session (TLS1.3)-(ECDHE-X25519)-(ECDSA-SECP256R1-SHA256)-(AES-256-GCM)
;; ->>HEADER<<- opcode: QUERY; status: NOERROR; id: 42375
;; Flags: qr rd ra; QUERY: 1; ANSWER: 1; AUTHORITY: 0; ADDITIONAL: 0

;; QUESTION SECTION:
;; id.server.          		CH	TXT

;; ANSWER SECTION:
id.server.          	0	CH	TXT	"SOF"

;; Received 43 B
;; Time 2021-04-16 18:12:05 EEST
;; From [email protected](TCP) in 7.4 ms
  • curl -H 'accept: application/dns-json' 'https://cloudflare-dns.com/dns-query?name=cloudflare.com&type=AAAA':
{"Status":0,"TC":false,"RD":true,"RA":true,"AD":true,"CD":false,"Question":[{"name":"cloudflare.com","type":28}],"Answer":[{"name":"cloudflare.com","type":28,"TTL":296,"data":"2606:4700::6810:84e5"},{"name":"cloudflare.com","type":28,"TTL":296,"data":"2606:4700::6810:85e5"}]}

Forgot to add the IPv4 A record:

  • curl -H 'accept: application/dns-json' 'https://cloudflare-dns.com/dns-query?name=cloudflare.com&type=A':
{"Status":0,"TC":false,"RD":true,"RA":true,"AD":true,"CD":false,"Question":[{"name":"cloudflare.com","type":1}],"Answer":[{"name":"cloudflare.com","type":1,"TTL":31,"data":"104.16.132.229"},{"name":"cloudflare.com","type":1,"TTL":31,"data":"104.16.133.229"}]}

OK, this turned out to be a misconfiguration on ISP side on my line specifically. It is now sorted.