1.1.1.1/help question

I used 1.1.1.1/help and I’m confused by the results. Sometimes it says that I am connected to 1.1.1.1 but seomtimes the AS name is Cloudflare and sometimes it is something I don’t recognize like, “Woodynet”. Sometimes it says I am not connected to 1.1.1.1 but the AS Name is Cloudflare.

What does the AS Name refer to? Why do I see apparently conflicting responses?

That should be the AS where your current resolver is located.

It says you are not using Cloudflare, but you are using DoH. Is that correct, are you using DoH? If so, could it be that your DoH configuration is somewhat funny and randomly connects to Cloudflare or other DoH providers?

Sorry have added some information I realized is missing (in bold)

Yes, I have set up the new DoH feature in Firewalla. But here are the observations.

  1. I see Connected to 1.1.1.1 alternate between yes and no. I assume that there is a failover to DNS if DoH exceeds a threshold? Understandable, but this happens a lot. Firewalla allows you to set multiple DoH providers and is supposed to pick the fastest one though I don’t know how they calculate “fastest”.
  2. I see AS Name go from ASName (WoodyNet (Quad9) to Cloudflare. (This makes sense since I have those two turned on in Firewall Settings).
  3. I think I saw Connected to 1.1.1.1 and AS Name WoodyNet (can’t reproduce right now) and NOT connected 1.1.1.1 but AS Name Cloudflare. This doesn’t make sense to me.

How many queries do you send? Is this within a reasonable limit? If so I would think there should be a reason to “fail over”.

But we have the explanation why you get different values, if you have more than just Cloudflare configured your DoH resolver might also connect elsewhere. If you only keep the Cloudflare configuration, that should fix it too.

Yes, some of the alternating makes sense given what you said (I edited my original question to fill in information I realized I hadn’t provided). But I don’t think I should be seeing “mixed” results of Connected to 1.1.1.1 and AS not being Cloudflare or Connected to Google but AS Name as Cloudflare, right?

How many DoH servers have you set up? I thought two. Google as well?

If you have some sort of round robin, it might be that the test contacts different servers, which then will show different values.

Woodynet is Packet Clearing House, and they are a well known and respected not for profit, who focus almost entirely on securing the core infrastructure of the Internet.

Is it possible that they are doing an experiment with Cloudflare on 1.1.1.1?

Sorry for the sake of discussion let’s just assume two DoH providers. This was unnecessarily confusing. But there were times that the Connected to and the AS Name did not seem to be sync’d.

On a related note, If I use another DoH provider, say Quad9, is 1.1.1.1/help expected to indicate that DoH is active or will that test expect to fail?

I addressed this at 1.1.1.1/help question