1.1.1.2 DNS resolver responds outside of VPN tunnel

A connection to Cloudflare’s VPN is established on my Linux box via wg-quick and works fine. I’m used to using 1.1.1.2 as a primary DNS server and I noticed I suddenly stopped getting its responses since 26.08.22:

#nslookup cisco.“com” 1.1.1.2
;; connection timed out; no servers could be reached

A tcpdump test shows a weird thing: I’m sending a request to 1.1.1.2 into my VPN interface (172.16.0.2), but the response comes to my public IP (here xx.xx.238.52):

#tcpdump -v -s 0 -nn -i any host 1.1.1.2
tcpdump: listening on any, link-type LINUX_SLL (Linux cooked), capture size 262144 bytes
08:47:34.595219 IP (tos 0x0, ttl 64, id 36436, offset 0, flags [none], proto UDP (17), length 55)
172.16.0.2.54977 > 1.1.1.2.53: 58826+ A? cisco.“com”. (27)
08:47:34.622226 IP (tos 0x70, ttl 60, id 59672, offset 0, flags [DF], proto UDP (17), length 71)
1.1.1.2.53 > xx.xx.238.52.54977: 58826 1/0/0 cisco.“com”. A 72.163.4.185 (43)

That’s why my box loses this response. And btw: the same happens with any of Cloudflare’s DNS servers such as 1.1.1.1, 1.0.0.1 etc.

When I send my request to, say, Google’s 8.8.8.8, it works correctly: the DNS response comes in on the VPN interface:

nslookup cisco.“com” 8.8.8.8
Server: 8.8.8.8
Address: 8.8.8.8#53

Non-authoritative answer:
Name: cisco.“com”
Address: 72.163.4.185

tcpdump -v -s 0 -nn -i any host 8.8.8.8
tcpdump: listening on any, link-type LINUX_SLL (Linux cooked), capture size 262144 bytes
08:47:14.894885 IP (tos 0x0, ttl 64, id 13524, offset 0, flags [none], proto UDP (17), length 55)
172.16.0.2.37280 > 8.8.8.8.53: 19841+ A? cisco.“com”. (27)
08:47:14.937582 IP (tos 0x0, ttl 60, id 12145, offset 0, flags [none], proto UDP (17), length 71)
8.8.8.8.53 > 172.16.0.2.37280: 19841 1/0/0 cisco.“com”. A 72.163.4.185 (43)
^C

Could anyone explain what’s happening on Cloudflare’s side? Did they change something on Aug 26?
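A small check for this symptom, added here as an example and not part of the original post: it pairs DNS queries with their answers in `tcpdump -v -nn` output (by server address and transaction id) and flags any answer that came back to an address other than the one the query left from, which is exactly the leak shown above. The capture embedded below is constructed from the post's two exchanges; the poster's masked public address is replaced by the documentation placeholder 203.0.113.52.

```python
import re
from dataclasses import dataclass

# Matches the payload line of each packet in `tcpdump -v -nn` output, e.g.
#   172.16.0.2.54977 > 1.1.1.2.53: 58826+ A? cisco.com. (27)
#   1.1.1.2.53 > 203.0.113.52.54977: 58826 1/0/0 cisco.com. A 72.163.4.185 (43)
# The "+" after the transaction id marks a query (recursion desired).
PKT_RE = re.compile(
    r"^\s*(?P<src>\d+(?:\.\d+){3})\.(?P<sport>\d+) > "
    r"(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\d+): (?P<txid>\d+)(?P<qflag>\+?) "
)

# Constructed sample capture (placeholder public IP 203.0.113.52).
SAMPLE_CAPTURE = """\
tcpdump: listening on any, link-type LINUX_SLL (Linux cooked), capture size 262144 bytes
08:47:34.595219 IP (tos 0x0, ttl 64, id 36436, offset 0, flags [none], proto UDP (17), length 55)
    172.16.0.2.54977 > 1.1.1.2.53: 58826+ A? cisco.com. (27)
08:47:34.622226 IP (tos 0x70, ttl 60, id 59672, offset 0, flags [DF], proto UDP (17), length 71)
    1.1.1.2.53 > 203.0.113.52.54977: 58826 1/0/0 cisco.com. A 72.163.4.185 (43)
08:47:14.894885 IP (tos 0x0, ttl 64, id 13524, offset 0, flags [none], proto UDP (17), length 55)
    172.16.0.2.37280 > 8.8.8.8.53: 19841+ A? cisco.com. (27)
08:47:14.937582 IP (tos 0x0, ttl 60, id 12145, offset 0, flags [none], proto UDP (17), length 71)
    8.8.8.8.53 > 172.16.0.2.37280: 19841 1/0/0 cisco.com. A 72.163.4.185 (43)
""".splitlines()


@dataclass
class Leak:
    txid: str
    server: str
    query_src: str      # tunnel address the query was sent from
    response_dst: str   # address the answer was actually delivered to


def find_leaked_responses(lines, tunnel_ip):
    """Report DNS answers that were not returned to the tunnel address
    the matching query left from (same server, same transaction id)."""
    queries = {}   # (server, txid) -> source address of the query
    leaks = []
    for line in lines:
        m = PKT_RE.match(line)
        if not m:
            continue   # header / IP-summary lines carry no DNS fields
        if m["qflag"] == "+" and m["dport"] == "53" and m["src"] == tunnel_ip:
            queries[(m["dst"], m["txid"])] = m["src"]
        elif m["sport"] == "53":
            key = (m["src"], m["txid"])
            if key in queries and m["dst"] != queries[key]:
                leaks.append(Leak(m["txid"], m["src"], queries[key], m["dst"]))
    return leaks


if __name__ == "__main__":
    for leak in find_leaked_responses(SAMPLE_CAPTURE, "172.16.0.2"):
        print(f"txid {leak.txid} from {leak.server}: query left "
              f"{leak.query_src}, answer went to {leak.response_dst}")
```

Feed it a live capture with `tcpdump -v -nn -i any port 53 | python3 check.py`-style plumbing (reading stdin instead of SAMPLE_CAPTURE) to watch for the same mismatch on any resolver.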
