1.1.1.1 not working at TIM ISP Brazil

Hello people from Cloudflare, i am a customer from a big telco company from Brazil.
Here we are using Live Tim a service that delivers FTTH to the end users.
In about a week or so, i have a issue where 1.1.1.1 dont responds to me.
I willing to deliver all the information required to get this issue solved.

Thanks in advance.

https://cloudflare-dns.com/help/?_ga=2.154504056.1942156317.1597009714-851753323.1596067581#eyJpc0NmIjoiTm8iLCJpc0RvdCI6Ik5vIiwiaXNEb2giOiJObyIsInJlc29sdmVySXAtMS4xLjEuMSI6Ik5vIiwicmVzb2x2ZXJJcC0xLjAuMC4xIjoiWWVzIiwicmVzb2x2ZXJJcC0yNjA2OjQ3MDA6NDcwMDo6MTExMSI6IlllcyIsInJlc29sdmVySXAtMjYwNjo0NzAwOjQ3MDA6OjEwMDEiOiJZZXMiLCJkYXRhY2VudGVyTG9jYXRpb24iOiJHUlUiLCJpc1dhcnAiOiJObyIsImlzcE5hbWUiOiJUaW0gQ2VsdWxhciBTLkEuIiwiaXNwQXNuIjoiMjY2MTUifQ==

> dig @ns3.Cloudflare.com whoami.Cloudflare.com txt +short
> "177.51.145.6"
> 
> 
> dig example.com @1.1.1.1
> 
> ; <<>> DiG 9.11.3-1ubuntu1.12-Ubuntu <<>> example.com @1.1.1.1
> ;; global options: +cmd
> ;; connection timed out; no servers could be reached
> 
> $ dig example.com @1.0.0.1
> 
> ; <<>> DiG 9.11.3-1ubuntu1.12-Ubuntu <<>> example.com @1.0.0.1
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30080
> ;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
> 
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags:; udp: 1232
> ;; QUESTION SECTION:
> ;example.com.                   IN      A
> 
> ;; ANSWER SECTION:
> example.com.            84103   IN      A       93.184.216.34
> 
> ;; Query time: 11 msec
> ;; SERVER: 1.0.0.1#53(1.0.0.1)
> ;; WHEN: Mon Aug 10 09:04:54 -03 2020
> ;; MSG SIZE  rcvd: 67
> 
>  dig example.com @8.8.8.8
> 
> ; <<>> DiG 9.11.3-1ubuntu1.12-Ubuntu <<>> example.com @8.8.8.8
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39502
> ;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
> 
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags:; udp: 512
> ;; QUESTION SECTION:
> ;example.com.                   IN      A
> 
> ;; ANSWER SECTION:
> example.com.            21561   IN      A       93.184.216.34
> 
> ;; Query time: 19 msec
> ;; SERVER: 8.8.8.8#53(8.8.8.8)
> ;; WHEN: Mon Aug 10 09:05:15 -03 2020
> ;; MSG SIZE  rcvd: 56
> 
> $ dig +short CHAOS TXT id.server @1.1.1.1
> ;; connection timed out; no servers could be reached
> 
> $ dig +short CHAOS TXT id.server @1.0.0.1
> "GRU"
> 
> 
> 
> |------------------------------------------------------------------------------------------|
> |                                      WinMTR statistics                                   |
> |                       Host              -   %  | Sent | Recv | Best | Avrg | Wrst | Last |
> |------------------------------------------------|------|------|------|------|------|------|
> |                               My.Router -    0 |   11 |   11 |    1 |    1 |    3 |    2 |
> |   186-230-221-127.ded.intelignet.com.br -    0 |   11 |   11 |    7 |   12 |   19 |    9 |
> |                           10.211.255.68 -    0 |   11 |   11 |    7 |   16 |   24 |   18 |
> |                          10.223.238.238 -    0 |   11 |   11 |    9 |   17 |   25 |   24 |
> |                          10.223.238.117 -    0 |   11 |   11 |   12 |   20 |   29 |   20 |
> |                           10.208.240.82 -    0 |   11 |   11 |   15 |   20 |   25 |   25 |
> |                           10.208.164.49 -    0 |   11 |   11 |   12 |   22 |   27 |   23 |
> |                          10.208.244.158 -    0 |   11 |   11 |   19 |   23 |   27 |   24 |
> |                          10.208.174.129 -    0 |   11 |   11 |   15 |   22 |   27 |   15 |
> |                         one.one.one.one -    0 |   11 |   11 |   16 |   22 |   26 |   26 |
> |________________________________________________|______|______|______|______|______|______|
>    WinMTR v0.92 GPL V2 by Appnor MSP - Fully Managed Hosting & Cloud Provider
> 
> |------------------------------------------------------------------------------------------|
> |                                      WinMTR statistics                                   |
> |                       Host              -   %  | Sent | Recv | Best | Avrg | Wrst | Last |
> |------------------------------------------------|------|------|------|------|------|------|
> |                               My.Router -    0 |   11 |   11 |    1 |    2 |    4 |    2 |
> |   186-230-221-127.ded.intelignet.com.br -    0 |   11 |   11 |    7 |    9 |   14 |    7 |
> |                           10.211.255.68 -    0 |   11 |   11 |    7 |   11 |   19 |    8 |
> |                          10.223.238.238 -    0 |   11 |   11 |   13 |   17 |   20 |   13 |
> |               as13335.saopaulo.sp.ix.br -    0 |   11 |   11 |    9 |   14 |   21 |   11 |
> |                         one.one.one.one -    0 |   11 |   11 |    9 |   12 |   16 |   11 |
> |________________________________________________|______|______|______|______|______|______|
>    WinMTR v0.92 GPL V2 by Appnor MSP - Fully Managed Hosting & Cloud Provider
> 
> https://cloudflare-dns.com/help/?_ga=2.154504056.1942156317.1597009714-851753323.1596067581#eyJpc0NmIjoiTm8iLCJpc0RvdCI6Ik5vIiwiaXNEb2giOiJObyIsInJlc29sdmVySXAtMS4xLjEuMSI6Ik5vIiwicmVzb2x2ZXJJcC0xLjAuMC4xIjoiWWVzIiwicmVzb2x2ZXJJcC0yNjA2OjQ3MDA6NDcwMDo6MTExMSI6IlllcyIsInJlc29sdmVySXAtMjYwNjo0NzAwOjQ3MDA6OjEwMDEiOiJZZXMiLCJkYXRhY2VudGVyTG9jYXRpb24iOiJHUlUiLCJpc1dhcnAiOiJObyIsImlzcE5hbWUiOiJUaW0gQ2VsdWxhciBTLkEuIiwiaXNwQXNuIjoiMjY2MTUifQ==
> 
> $ nmap -v -sV 1.1.1.1 -Pn -p53
> 
> Starting Nmap 7.60 ( https://nmap.org ) at 2020-08-10 09:23 -03
> NSE: Loaded 42 scripts for scanning.
> Initiating Parallel DNS resolution of 1 host. at 09:23
> Completed Parallel DNS resolution of 1 host. at 09:23, 0.01s elapsed
> Initiating Connect Scan at 09:23
> Scanning one.one.one.one (1.1.1.1) [1 port]
> Completed Connect Scan at 09:23, 0.01s elapsed (1 total ports)
> Initiating Service scan at 09:23
> NSE: Script scanning 1.1.1.1.
> Initiating NSE at 09:23
> Completed NSE at 09:23, 0.00s elapsed
> Initiating NSE at 09:23
> Completed NSE at 09:23, 0.00s elapsed
> Nmap scan report for one.one.one.one (1.1.1.1)
> Host is up (0.013s latency).
> 
> PORT   STATE  SERVICE VERSION
> 53/tcp closed domain
> 
> Read data files from: /usr/bin/../share/nmap
> Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
> Nmap done: 1 IP address (1 host up) scanned in 0.31 seconds
> 
> $ nmap -v -sV 1.0.0.1 -Pn -p53
> 
> Starting Nmap 7.60 ( https://nmap.org ) at 2020-08-10 09:24 -03
> NSE: Loaded 42 scripts for scanning.
> Initiating Parallel DNS resolution of 1 host. at 09:24
> Completed Parallel DNS resolution of 1 host. at 09:24, 0.00s elapsed
> Initiating Connect Scan at 09:24
> Scanning one.one.one.one (1.0.0.1) [1 port]
> Discovered open port 53/tcp on 1.0.0.1
> Completed Connect Scan at 09:24, 0.01s elapsed (1 total ports)
> Initiating Service scan at 09:24
> Scanning 1 service on one.one.one.one (1.0.0.1)
> Completed Service scan at 09:24, 6.03s elapsed (1 service on 1 host)
> NSE: Script scanning 1.0.0.1.
> Initiating NSE at 09:24
> Completed NSE at 09:24, 0.00s elapsed
> Initiating NSE at 09:24
> Completed NSE at 09:24, 0.00s elapsed
> Nmap scan report for one.one.one.one (1.0.0.1)
> Host is up (0.011s latency).
> 
> PORT   STATE SERVICE VERSION
> 53/tcp open  domain
> 
> Read data files from: /usr/bin/../share/nmap
> Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
> Nmap done: 1 IP address (1 host up) scanned in 6.34 seconds

At first glance, it looks like something in your network is improperly configured for 1.1.1.1

Try using just 1.0.0.1 instead.

This output is coming from a computer without firewall, connected directly to the ISP router.

When I said “your network”, I meant somewhere along your route to Cloudflare. This would include your ISP.

Ok, gotcha.
In this case Cloudflare can touch bases to TIM ISP internally to report that ?

Nope. Your ISP wasn’t allowed to use that IP address in the first place. You’d have to let them know they’re interfering with someone else’s service.

Exists a external way to prove it ? Like a evidence ? That i can follow up with then ?

Try a traceroute to 1.1.1.1. It will probably stop somewhere in your ISPs network.

The entire 1.1.1 range belongs to APNIC and Cloudflare.

The first WINMTR in this post is a tracert to your network.
And right above a visual tracert.

Ah, now I see it in your original post. Yes, it never leaves the internal network at your ISP.

After contact with the Technical team of TIM ISP via Peering DB contacts the route have been fixed.

image

1 Like