1.1.1.1 and 1.0.0.1 routed to its own servers by Indian ISP ACT fibernet

Looks like Indian ISP ACT fibernet routed 1.1.1.1 and 1.0.0.1 to its own servers. Please look at the traceroute attached. It's not normal.

Tracing route to one.one.one.one [1.1.1.1]
over a maximum of 30 hops:

1 1 ms <1 ms <1 ms 192.168.1.1
2 604 ms 141 ms 2 ms 10.243.0.1
3 2 ms 2 ms 2 ms broadband.actcorp.in [202.83.20.205]
4 2 ms 3 ms 2 ms broadband.actcorp.in [202.83.26.1]
5 * * * Request timed out.
6 18 ms 19 ms 18 ms broadband.actcorp.in [183.82.14.133]
7 18 ms 18 ms 19 ms broadband.actcorp.in [183.82.14.158]
8 18 ms 17 ms 18 ms broadband.actcorp.in [183.82.12.38]
9 18 ms 17 ms 17 ms one.one.one.one [1.1.1.1]

Trace complete.


Usual route would be

traceroute to 1.1.1.1 (1.1.1.1), 20 hops max, 60 byte packets
2 * *
3 * *
4 100.64.16.165 (100.64.16.165) 0.501 ms 0.513 ms
5 52.95.67.209 (52.95.67.209) 1.946 ms 1.950 ms
6 52.95.66.108 (52.95.66.108) 8.785 ms 8.800 ms
7 52.95.66.91 (52.95.66.91) 1.945 ms 1.945 ms
8 115.114.89.121.static-Mumbai.vsnl.net.in (115.114.89.121) 2.070 ms 2.073 ms
9 * *
10 * *
11 * *
12 115.114.85.222 (115.114.85.222) 26.098 ms 26.065 ms
13 115.114.85.241 (115.114.85.241) 54.820 ms 54.846 ms
14 if-ae-13-2.tcore1.svw-singapore.as6453.net (180.87.36.83) 63.255 ms 63.239 ms
15 if-ae-11-2.thar1.svq-singapore.as6453.net (180.87.98.37) 55.635 ms 55.639 ms
16 if-ae-7-2.tcore1.svq-singapore.as6453.net (180.87.98.10) 63.100 ms 63.108 ms
17 120.29.215.101 (120.29.215.101) 59.641 ms 59.646 ms
18 one.one.one.one (1.1.1.1) 58.930 ms 58.934 ms

Don't know if it is being done to hijack the queries or if it was done by mistake, but I'm not able to use 1.1.1.1 DNS, as it is forwarding queries to US servers instead of the HYD datacenter from Bangalore.


This unfortunately is something Cloudflare can’t do a lot about. If the ISP is hijacking queries, there is nothing anyone but them can do.

You can check if it’s connecting actually to 1.1.1.1 or not by using https://1.1.1.1/help or https://cloudflare-dns.com/help.


Hiya, I believe this issue was misrepresented and I’ve posted a newer topic with more info - would be great to have your insights @matteo @madhava.arimilli

Please be aware that ACT is not hijacking at all. Cloudflare’s 1.1.1.1 endpoints are everywhere, not just in Singapore. In this particular case with ACT’s internal routing, it’s reaching 1.1.1.1 located in Cloudflare’s Hyderabad node which is there in ACT’s own network.

You can verify if that’s the case by looking at the link below:

https://1.1.1.1/cdn-cgi/trace

You should see Cloudflare’s response with appropriate ‘colo’ tag along with the datacenter location that’s responsible for this. In my and your case, it would be colo=HYD just like yours, because ACT is routing most of Cloudflare to their Hyderabad location.

This in fact improves your browsing experience significantly with only 17 ms of latency to reach 1.1.1.1 instead of 58 ms in normal scenarios.
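
The check described in the last reply, as an added example that is not part of the original posts: it parses the key=value body returned by https://1.1.1.1/cdn-cgi/trace and reports which data center answered. The sample body is constructed and the function names are hypothetical; the live fetch assumes the certificate served for 1.1.1.1 validates for that address.

```python
import ssl
import urllib.request

TRACE_URL = "https://1.1.1.1/cdn-cgi/trace"  # URL given in the thread

# Constructed sample response (illustrative values, not a capture).
SAMPLE_TRACE = """\
fl=000f000
h=1.1.1.1
ip=203.0.113.7
ts=1700000000.000
visit_scheme=https
uag=python-urllib
colo=HYD
http=http/1.1
loc=IN
tls=TLSv1.3
"""

def parse_trace(body):
    """Parse the key=value lines of a /cdn-cgi/trace body into a dict."""
    fields = {}
    for line in body.splitlines():
        key, sep, value = line.partition("=")
        if sep and key.strip():
            fields[key.strip()] = value.strip()
    return fields

def fetch_trace(url=TRACE_URL, timeout=5):
    """Fetch the trace body over TLS with certificate verification left on."""
    # Assumption: a host that only impersonates 1.1.1.1 holds no certificate
    # valid for that address, so a verified response is the useful evidence.
    ctx = ssl.create_default_context()
    with urllib.request.urlopen(url, timeout=timeout, context=ctx) as resp:
        return resp.read().decode("utf-8", "replace")

def assess(fields, expected_colo=None):
    """Summarise which data center answered; compare if one is expected."""
    colo = fields.get("colo")
    if not colo:
        return "no colo field: response did not come from the trace endpoint"
    if expected_colo and colo != expected_colo:
        return f"served by colo={colo}, expected {expected_colo}"
    return f"served by colo={colo} (loc={fields.get('loc', '?')}, tls={fields.get('tls', '?')})"

if __name__ == "__main__":
    print(assess(parse_trace(SAMPLE_TRACE), expected_colo="HYD"))
```

To run it against the network, pass the result of `fetch_trace()` to `parse_trace()` in place of the sample body; a certificate error there is itself a finding worth recording.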