1.1.1.1 not resolving any adress, the browser doesn't also receive any data. (Fastweb Italy)


#1

Hi! I’ve been happily using your DNS service for a month now but… I realized, just a few days ago, that only 1.0.0.1 is working now (greatly!) and correctly answering to requests.

I also noticed that the browser doesnt receive any data when accessing 1.1.1.1 website, while 1.0.0.1 shows the site correctly. Onestly I’m not sure if the requests were working fine on 1.1.1.1 BUT I am sure that the site 1.1.1.1 was displaying correctly from the same network (home) using the same browser (Firefox Quantum) a month ago…

Here some basic tests results.

C:\Users\mail>nslookup -class=chaos -type=txt id.server 1.1.1.1
DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: 1.1.1.1

DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
*** Tempo scaduto per la richiesta a UnKnown

C:\Users\mail>nslookup -class=chaos -type=txt id.server 1.0.0.1
Server: 1dot1dot1dot1.cloudflare-dns.com
Address: 1.0.0.1

Risposta da un server non autorevole:
id.server text =

    "fco01"

C:\Users\mail>nslookup example.com 1.1.1.1
DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: 1.1.1.1

DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
*** Tempo scaduto per la richiesta a UnKnown

C:\Users\mail>nslookup example.com 1.0.0.1
Server: 1dot1dot1dot1.cloudflare-dns.com
Address: 1.0.0.1

Risposta da un server non autorevole:
Nome: example.com
Addresses: 2606:2800:220:1:248:1893:25c8:1946
93.184.216.34

C:\Users\mail>nslookup example.com 8.8.8.8
Server: google-public-dns-a.google.com
Address: 8.8.8.8

Risposta da un server non autorevole:
Nome: example.com
Addresses: 2606:2800:220:1:248:1893:25c8:1946
93.184.216.34


I have also tryed to complete all the test from the router itself (pfsense) but the same results were shown.

Any hint?
Thank you!


#2

Can you trace it?
mtr, traceroute, tcptraceroute.
What’s in front of your pfsense?


#3

Sure!
In front of my pfsense there is a fritzbox acting as vdsl modem and pfsense is set as an “exposed host”… on LAN side just a switch and some WAPs.


C:\Users\mail>tracert 1.1.1.1

Traccia instradamento verso 1dot1dot1dot1.cloudflare-dns.com [1.1.1.1]
su un massimo di 30 punti di passaggio:

1 1 ms 1 ms 1 ms pfSense.familynet.home [192.168.1.75]
2 2 ms 3 ms 2 ms modem.familynet.home [192.168.0.1]
3 20 ms 17 ms 7 ms 10.7.3.76
4 8 ms 6 ms 6 ms 10.7.30.38
5 9 ms 6 ms 6 ms 10.250.23.194
6 21 ms 20 ms 20 ms 10.3.144.86
7 19 ms 21 ms 19 ms 10.3.144.86
8 21 ms 20 ms 20 ms 1dot1dot1dot1.cloudflare-dns.com [1.1.1.1]

Traccia completata.

C:\Users\mail>tracert 1.0.0.1

Traccia instradamento verso 1dot1dot1dot1.cloudflare-dns.com [1.0.0.1]
su un massimo di 30 punti di passaggio:

1 1 ms 1 ms 1 ms pfSense.familynet.home [192.168.1.75]
2 3 ms 2 ms 4 ms modem.familynet.home [192.168.0.1]
3 6 ms 7 ms 6 ms 10.7.3.76
4 8 ms 5 ms 5 ms 10.7.30.46
5 8 ms 7 ms 28 ms 10.250.23.194
6 17 ms 21 ms 20 ms 10.254.1.69
7 19 ms 16 ms 16 ms 89.97.200.201
8 37 ms 34 ms 16 ms 89.97.200.69
9 16 ms 16 ms 16 ms cloudflare-nap.namex.it [193.201.28.33]
10 25 ms 20 ms 20 ms 1dot1dot1dot1.cloudflare-dns.com [1.0.0.1]

Traccia completata.


C:\Users\mail\Downloads\tracetcp_v1.0.3\tracetcp_v1.0.3>tracetcp.exe 1.1.1.1:443

Tracing route to 1.1.1.1 [1dot1dot1dot1.cloudflare-dns.com] on port 443
Over a maximum of 30 hops.
1 3 ms 4 ms 4 ms 192.168.1.75 [pfSense.familynet.home]
2 3 ms 4 ms 4 ms 192.168.0.1 [modem.familynet.home]
3 8 ms 8 ms 24 ms 10.7.3.76
4 10 ms 9 ms 9 ms 10.7.30.38
5 10 ms 8 ms 10 ms 10.250.18.25
6 9 ms 9 ms 10 ms 10.250.19.1
7 9 ms 12 ms 8 ms 10.250.23.194
8 26 ms 21 ms 22 ms 10.3.144.86
9 24 ms 24 ms 23 ms 10.3.144.86
10 Destination Reached in 40 ms. Port closed on 1.1.1.1
Trace Complete.

C:\Users\mail\Downloads\tracetcp_v1.0.3\tracetcp_v1.0.3>tracetcp.exe 1.0.0.1:443

Tracing route to 1.0.0.1 [1dot1dot1dot1.cloudflare-dns.com] on port 443
Over a maximum of 30 hops.
1 3 ms 8 ms 4 ms 192.168.1.75 [pfSense.familynet.home]
2 3 ms 3 ms 4 ms 192.168.0.1 [modem.familynet.home]
3 8 ms 9 ms 21 ms 10.7.3.76
4 8 ms 9 ms 8 ms 10.7.104.190
5 11 ms 11 ms 14 ms 10.250.18.25
6 10 ms 9 ms 9 ms 10.250.19.1
7 9 ms 13 ms 13 ms 10.250.23.194
8 21 ms 19 ms 17 ms 10.254.1.69
9 26 ms 19 ms 23 ms 89.97.200.197
10 81 ms 19 ms 18 ms 89.97.200.69
11 18 ms 19 ms 18 ms 193.201.28.33 [cloudflare-nap.namex.it]
12 Destination Reached in 23 ms. Connection established to 1.0.0.1
Trace Complete.


(1.1.1.1)
|------------------------------------------------------------------------------------------|
| WinMTR statistics |

Host - % Sent Recv Best Avrg Wrst Last
pfSense.familynet.home - 0 40 40 1 1 7 7
modem.familynet.home - 0 40 40 4 6 20 11
10.7.3.76 - 0 40 40 5 7 20 10
10.7.30.38 - 0 40 40 6 6 10 7
10.250.23.194 - 0 40 40 5 7 13 8
10.3.144.86 - 0 40 40 19 20 25 20
10.3.144.86 - 0 40 40 19 20 25 20
1dot1dot1dot1.cloudflare-dns.com - 0 40 40 19 20 25 20
________________________________________________ ______ ______ ______ ______ ______ ____

(1.0.0.1)
|------------------------------------------------------------------------------------------|
| WinMTR statistics |

Host - % Sent Recv Best Avrg Wrst Last
pfSense.familynet.home - 0 40 40 1 1 5 1
modem.familynet.home - 0 40 40 3 6 17 5
10.7.3.76 - 0 40 40 5 7 17 6
10.7.30.46 - 0 40 40 6 6 10 6
10.250.23.194 - 0 40 40 6 7 11 7
10.254.1.69 - 0 40 40 16 24 109 30
89.97.200.201 - 0 40 40 16 17 21 18
89.97.200.69 - 0 40 40 16 20 49 18
cloudflare-nap.namex.it - 0 40 40 16 16 20 18
1dot1dot1dot1.cloudflare-dns.com - 0 40 40 19 20 25 20
________________________________________________ ______ ______ ______ ______ ______ ____

#4

1.1.1.1 isn’t getting out past an internal network. Well…the internal network has inappropriately claimed 1.1.1.1 for itself.

Your ISP needs to fix this. It’s Fastweb?


#5

Yes it is!





#6

https://1.1.1.1 site unreachable since yesterday Fastweb Italy…with vpn has no problems


#7

Doing some more tests…
is it a regular response of your dns server when accessing it from port 443?


#8

I’ve asked our network team to reach out to Fastweb. Hopefully, they will be able to fix this. In the meantime, if your internet connection is IPv6 enabled, you can use 2606:4700:4700::1111 and 2606:4700:4700::1001


#9

Our network team is asking if this is still an issue for you?


#10

I can confirm the problem has been solved! Tcp-traceroute went straight to namex and the webpage is displaying correctly. Thank you.