1.1.1.1 blocked/flaky/de-prioritized on ACT?

Hello,

I use ACT (Atria Convergence Technologies) as my ISP in Bangalore, and it appears that ACT is either blocking outbound requests on DNS port 53 for everyone other than google (8.8.8.8) and themselves, or dropping DNS-UDP packets intended for 1.1.1.1. Following is the issue:

  1. Pings to 1.1.1.1 always go through
  2. traceroute to 1.1.1.1 usually does NOT go through, but sometimes does.
traceroute to 1.1.1.1 (1.1.1.1), 30 hops max, 60 byte packets

1 _gateway (192.168.0.1) 1.726 ms 2.044 ms 2.041 ms
2 broadband.actcorp.in (xx.xx.xx.xx) 6.157 ms 6.166 ms 6.154 ms
3 broadband.actcorp.in (202.83.20.43) 144.173 ms 144.184 ms 144.171 ms
4 14.141.145.5.static-Bangalore.vsnl.net.in (14.141.145.5) 6.092 ms 6.657 ms 6.668 ms
5 * * *
6 * * *
7 * * *

  1. dig google.com @1.1.1.1 usually fails, but sometimes goes through
dig google.com @1.1.1.1

; <<>> DiG 9.16.1-Ubuntu <<>> google.com @1.1.1.1
;; global options: +cmd
;; connection timed out; no servers could be reached

  1. I’ve raised this issue with ACT and I’ve had different responses from different people.
    (a) I was first told that port 53 is blocked for dynamic IPs and only static IPs have this unblocked. I asked for, and got a static IP for extra cost. However, 1.1.1.1 is still not reachable.
    (b) I was later told by another ACT employee that traffic to 1.1.1.1:53 is not prioritized, and hence packets are likely to be dropped anywhere on the network. This made more sense, because this is UDP, and explains the flakiness of the whole thing.

  2. When I mentioned that 8.8.8.8 always works, I was told that Google DNS and ACT’s own DNS are treated differently(prioritized?) on the network and will go through.

  3. My question is, if there’s someone from cloudflare who can work with ACT and have this fixed?

Thanks!

Hi

I’m no expert on these technologies but I do believe that these kind of situation is what DNS over HTTPS was created for.

Maybe you could try using the 1.1.1.1 app for your relevant system to try it out since I believe those use DoH by default.

Yes, I understand that, and have DoH configured on all devices I can. However, there are devices on my network that won’t allow me to configure DoH, and get resolved using the router - which I’d like to configure to 1.1.1.1 if it were reliable.