1.1.1.1 cannot resolve google sites


#1

Hello. I’m probably unlike most of you. I read about, and decided to use Cloudflare’s DNS for my personal computer (Macbook). However, once I moved to Cloudflare’s DNS servers, I first noticed I cannot perform a Google search. I then realized I couldn’t reach google.com, and after logging out and navigating away from Gmail, I couldn’t reach it again.

Any reason this would be happening?

Thanks ahead for any help!


#3

Is there a separate forum for users of your DNS?


#4

Try following this guide and reportage back, @wvcadle

I do notte get you reply @benzygs94.


#5

You won’t get any. :wink:


#6

What did I miss with that user?


#7

Please ignore @benzygs94.


#8

Thank you for a speedy reply. I don’t mind doing any tests you ask. Although most of these are above my head, I’ll paste the results of all of them below. I’m looking for the .txt files a couple of the commands created. I’ve only been using a Mac for about six months, so I haven’t found them yet.

; <<>> DiG 9.10.6 <<>> google.com @1.1.1.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50964
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1536
;; QUESTION SECTION:
;google.com. IN A

;; ANSWER SECTION:
google.com. 40 IN A 172.217.2.110

;; Query time: 37 msec
;; SERVER: 1.1.1.1#53(1.1.1.1)
;; WHEN: Fri May 04 08:08:10 EDT 2018
;; MSG SIZE rcvd: 55

Marks-MacBook-Pro:~ macadle$ dig google.com @1.0.0.1

; <<>> DiG 9.10.6 <<>> google.com @1.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9267
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1536
;; QUESTION SECTION:
;google.com. IN A

;; ANSWER SECTION:
google.com. 280 IN A 172.217.2.110

;; Query time: 43 msec
;; SERVER: 1.0.0.1#53(1.0.0.1)
;; WHEN: Fri May 04 08:09:11 EDT 2018
;; MSG SIZE rcvd: 55

Marks-MacBook-Pro:~ macadle$ dig google.com @8.8.8.8

; <<>> DiG 9.10.6 <<>> google.com @8.8.8.8
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3826
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;google.com. IN A

;; ANSWER SECTION:
google.com. 299 IN A 172.217.15.78

;; Query time: 43 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Fri May 04 08:09:41 EDT 2018
;; MSG SIZE rcvd: 55

Marks-MacBook-Pro:~ macadle$ dig +short CHAOS TX id.server @1.1.1.1
Marks-MacBook-Pro:~ macadle$ dig +short CHAOS TX id.server @1.0.0.1
Marks-MacBook-Pro:~ macadle$ dig @ns3.cloudflare.com whoami.cloudflare.com 26 txt +short
Marks-MacBook-Pro:~ macadle$ traceroute 1.1.1.1
traceroute to 1.1.1.1 (1.1.1.1), 64 hops max, 52 byte packets
1 10.64.208.1 (10.64.208.1) 1.661 ms 1.135 ms 1.363 ms
2 10.54.39.1 (10.54.39.1) 5.800 ms 4.258 ms 5.635 ms
3 10.52.1.1 (10.52.1.1) 3.443 ms 2.885 ms 2.472 ms
4 168.216.16.1 (168.216.16.1) 4.112 ms 3.718 ms 3.404 ms
5 car-mi.wvnet.3rox.net (147.73.19.108) 13.642 ms 13.281 ms 13.560 ms
6 cbr-acm-core-e-1-24.3rox.net (147.73.15.6) 27.964 ms 32.193 ms 31.822 ms
7 te0-0-1-7.rcr21.pit02.atlas.cogentco.com (38.107.150.73) 29.541 ms 27.613 ms 26.047 ms
8 be2821.ccr21.cle04.atlas.cogentco.com (154.54.83.117) 88.168 ms * 31.714 ms
9 be2993.ccr31.yyz02.atlas.cogentco.com (154.54.31.226) 38.730 ms 35.700 ms 34.657 ms
10 38.88.240.186 (38.88.240.186) 35.420 ms 41.704 ms 42.234 ms
11 1dot1dot1dot1.cloudflare-dns.com (1.1.1.1) 37.557 ms 39.654 ms 40.841 ms
Marks-MacBook-Pro:~ macadle$ traceroute 1.0.0.1
traceroute to 1.0.0.1 (1.0.0.1), 64 hops max, 52 byte packets
1 10.64.208.1 (10.64.208.1) 33.307 ms 1.876 ms 1.062 ms
2 10.54.39.1 (10.54.39.1) 6.773 ms 5.593 ms 3.081 ms
3 10.52.1.1 (10.52.1.1) 2.880 ms 2.126 ms 2.223 ms
4 168.216.16.1 (168.216.16.1) 4.151 ms 3.224 ms 3.302 ms
5 car-mi.wvnet.3rox.net (147.73.19.108) 14.025 ms 13.337 ms 12.908 ms
6 cbr-acm-core-e-1-24.3rox.net (147.73.15.6) 29.633 ms 26.823 ms 29.652 ms
7 te0-0-1-7.rcr21.pit02.atlas.cogentco.com (38.107.150.73) 32.448 ms 31.602 ms 30.394 ms
8 be2821.ccr21.cle04.atlas.cogentco.com (154.54.83.117) 32.083 ms 32.711 ms 34.558 ms
9 be2993.ccr31.yyz02.atlas.cogentco.com (154.54.31.226) 41.587 ms 38.380 ms 37.649 ms
10 38.88.240.186 (38.88.240.186) 34.765 ms 37.821 ms 39.363 ms
11 1dot1dot1dot1.cloudflare-dns.com (1.0.0.1) 38.271 ms 39.314 ms 41.046 ms
Marks-MacBook-Pro:~ macadle$ dig +tcp @1.1.1.1 id.server CH TXT
;; Connection to 1.1.1.1#53(1.1.1.1) for id.server failed: timed out.
;; Connection to 1.1.1.1#53(1.1.1.1) for id.server failed: timed out.

; <<>> DiG 9.10.6 <<>> +tcp @1.1.1.1 id.server CH TXT
; (1 server found)
;; global options: +cmd
;; connection timed out; no servers could be reached
;; Connection to 1.1.1.1#53(1.1.1.1) for id.server failed: timed out.
Marks-MacBook-Pro:~ macadle$ dig +tcp @1.0.0.1 id.server CH TXT

; <<>> DiG 9.10.6 <<>> +tcp @1.0.0.1 id.server CH TXT
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9594
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1536
;; QUESTION SECTION:
;id.server. CH TXT

;; ANSWER SECTION:
id.server. 0 CH TXT “yyz01”

;; Query time: 39 msec
;; SERVER: 1.0.0.1#53(1.0.0.1)
;; WHEN: Fri May 04 08:12:40 EDT 2018
;; MSG SIZE rcvd: 56

Marks-MacBook-Pro:~ macadle$


#9

No worries! What you sent me is enough!

It seems like you can’t reach 1.1.1.1, mi immediate suggestion would be to remove it and use 1.0.0.1 as primary with Google’s 8.8.8.8 as secondary.

To pinpoint where the issue is though, would you mind doing a traceroute 1.1.1.1?


#10

No problem!

traceroute to 1.1.1.1 (1.1.1.1), 64 hops max, 52 byte packets
1 10.64.208.1 (10.64.208.1) 3.270 ms 1.277 ms 1.236 ms
2 10.54.39.1 (10.54.39.1) 5.411 ms * *
3 10.52.1.1 (10.52.1.1) 24.495 ms 3.018 ms 2.424 ms
4 168.216.16.1 (168.216.16.1) 3.216 ms 8.369 ms 4.545 ms
5 car-mi.wvnet.3rox.net (147.73.19.108) 13.041 ms 13.296 ms 13.043 ms
6 cbr-acm-core-e-1-24.3rox.net (147.73.15.6) 39.757 ms 26.589 ms 28.495 ms
7 te0-0-1-7.rcr21.pit02.atlas.cogentco.com (38.107.150.73) 33.576 ms 40.070 ms 41.736 ms
8 be2821.ccr21.cle04.atlas.cogentco.com (154.54.83.117) 57.471 ms 43.204 ms 43.223 ms
9 be2993.ccr31.yyz02.atlas.cogentco.com (154.54.31.226) 50.893 ms 46.511 ms 44.537 ms
10 38.88.240.186 (38.88.240.186) 56.151 ms 51.102 ms 48.323 ms
11 1dot1dot1dot1.cloudflare-dns.com (1.1.1.1) 52.142 ms 52.666 ms 50.803 ms


#11

Really sorry, was on my phone and it was the first post… You are actually reaching 1.1.1.1 just fine :sweat_smile:. What kind of error are you seeing when opening Google?


#12

Yeah that is a little weird can you rerun this test please?

dig +tcp @1.1.1.1 id.server CH TXT

Also, can you try to visit the https://1.1.1.1 website and see if that succeeds?


#13

I am getting the following error. Btw, I just changed back over to the 1.1.1.1 and 1.0.0.1 servers, and couldn’t even reach this site. So I changed back to Google’s servers.

www.google.com’s server IP address could not be found.
Try running Network Diagnostics.
DNS_PROBE_FINISHED_NXDOMAIN


#14

Marks-MacBook-Pro:~ macadle$ dig +tcp @1.1.1.1 id.server CH TXT
;; Connection to 1.1.1.1#53(1.1.1.1) for id.server failed: timed out.
;; Connection to 1.1.1.1#53(1.1.1.1) for id.server failed: timed out.

; <<>> DiG 9.10.6 <<>> +tcp @1.1.1.1 id.server CH TXT
; (1 server found)
;; global options: +cmd
;; connection timed out; no servers could be reached
;; Connection to 1.1.1.1#53(1.1.1.1) for id.server failed: timed out.

When trying to visit https://1.1.1.1, I get the following:

This page isn’t working
1.1.1.1 didn’t send any data.
ERR_EMPTY_RESPONSE.


#15

Yeah, it seems weird since it seems to reach it, but it actually doesn’t…

@cscharff: Probably some node on his ISP’s network is announcing your IP and the ping tools assumes it’s Cloudflare’s DNS, but still it works while doing the dig A and not the dig CH TXT while it actually should, are they hijacking the DNS queries? It should still work accessing www.google.com though. :man_shrugging:

@wvcadle if you try using only 1.0.0.1 as DNS server? Nothing on the secondary (only while testing, never use only one DNS server)


#16

Yeah I was leaning that direction as well, this appears to confirm something odd on the network or the router (probably network). Based on the test results @matteo’s suggestion to use out alternate server 1.0.0.1 is sound advice.

I’ll pass along this output to our networking team as well so they can contact the associated providers. But it’s a bit of a hot mess.


#17

I tried using 1.0.0.1 by itself, and it still wouldn’t access Google sites. I added 8.8.8.8 as secondary, and it did.

Question: unlike Windows PCs, my Macbook allows me to add DNS servers, but if I delete what I’ve added later, the default servers return (without my intervention), as if it’s saved them. Is that typical behavior?


#18

Even though it seems pointless:

can you run

tcptraceroute 1.1.1.1 443


#19

Yeah, the default servers are added via DHCP. At some point your lease on the IP is refreshed and when that happens if you have switched back to the default (automatically assigned) that information is refreshed as part of the lease renewal process.


#20

Sure, but this is what I got: -bash: tcptraceroute: command not found.


#21

It’s typical, if you don’t override them the default you get via DHCP is added to the list otherwise nothing works.

It seems really strange that even 1.0.0.1 fails…

Something is strange here!