1.1.1 and 1.1.0 IP ranges blocked by my ISP (Yoigo)


#1

Hi,

My ISP (Yoigo) is blocking 1.1.1.1 and 1.1.0.0 DNS traffic because both IP ranges are internal.
Connecting with another ISP and dns leaking 1.1.1.1 I can see 172.217.10 ranges are from CloudFlare (172.217.10.46 as an example). Is there any of their (or others) IPs that will be longterm supported to be able to use them instead of 1.1.1.1? That IP is internally in a lot of ISPs as you can see in comments: https://blog.cloudflare.com/announcing-1111/

Another question is about DoH or DNS over TLS support in CloudFlare. Is there any way to have that feature in Android without root? I can only make a local VPN to use CloudFlare (outside Yoigo) but not adding that DNSSec features.

Thanks in advance!


#2

Hi, Would you please provide your provider’s ASN and also a traceroute for further investigation?
If you have concern to share the entire traceroute or source IP here, please feel free to drop a mail [email protected]


#3

IPs are dynamically asigned by my ISP, so I don’t mind sharing it.

$whois -h whois.cymru.com " -v 46.6.6.114"
AS      | IP               | BGP Prefix          | CC | Registry | Allocated  | AS Name
15704   | 46.6.6.114       | 46.6.0.0/18         | ES | ripencc  | 2010-09-03 | AS15704, ES

Traceroute locally shows the following, but I’ll not reboot the router in a few hours if you need to check anything.

$ traceroute 46.6.6.114 -q 10
traceroute to 46.6.6.114 (46.6.6.114), 30 hops max, 60 byte packets
 1  * * * * * * * * * *
 2  46.6.6.114 (46.6.6.114)  5.987 ms  6.016 ms  5.987 ms  5.958 ms  5.929 ms  5.897 ms * * * *

My ISP is Yoigo, a spanish company from Masmovil (according IP information: Xfera Moviles SA / Yoigo)


#4

We will try to reach out to AS15704. I was wondering if you know your CPE’s model and brand name?


#5

I performed some ping/traceroute test from AS15704.
2 out of 5 test probes are failed and it looks like a particular model of CPE is mounting the IP address 1.1.1.1. But 1.0.0.1 should be fine. Would you please share the traceroute result to 1.0.0.1?


#6

My CPE is ZTEGF680 aka F680. Software version is 4P1T6.

Traceroute from my PC via wifi 2,4 GHz gives error.

$ traceroute 1.0.0.1
traceroute to 1.0.0.1 (1.0.0.1), 30 hops max, 60 byte packets
 1  * * *
 2  * * *
 3  * * *
 4  * * *
 5  * * *
 6  * * *
 7  * * *

Traceroute from router is ok to 1.0.0.1

traceroute to 1.0.0.1 (1.0.0.1), 30 hops max, 38 byte packets[IPV4-UDP]
 1  46.6.0.1 (46.6.0.1)  2.829 ms  1.637 ms  3.324 ms
 2  10.15.0.53 (10.15.0.53)  2.438 ms  2.976 ms  2.849 ms
 3  10.15.246.6 (10.15.246.6)  2.335 ms  2.551 ms  2.406 ms
 4  10.15.2.14 (10.15.2.14)  2.211 ms  2.833 ms  2.773 ms
 5  193.149.1.56 (193.149.1.56)  2.615 ms  6.000 ms  2.996 ms
 6  1.0.0.1 (1.0.0.1)  3.014 ms   2.876 ms   3.565 ms 
Traceroute Complete.

Traceroute from a raspberry connected with ethernet to the router is ok.

$ traceroute 1.0.0.1
traceroute to 1.0.0.1 (1.0.0.1), 30 hops max, 60 byte packets
 1  * * *
 2  46.6.0.1 (46.6.0.1)  5.062 ms  5.089 ms  5.077 ms
 3  10.15.0.53 (10.15.0.53)  5.059 ms  5.076 ms  4.950 ms
 4  10.15.246.6 (10.15.246.6)  5.059 ms  4.919 ms  4.949 ms
 5  10.15.2.14 (10.15.2.14)  19.837 ms  19.712 ms  19.909 ms
 6  cloudflare.baja.espanix.net (193.149.1.56)  5.546 ms  4.784 ms  4.226 ms
 7  1dot1dot1dot1.cloudflare-dns.com (1.0.0.1)  3.932 ms  4.199 ms  4.062 ms

Traceroute from others wifi 5GHz devices fails.
Traceroute from wifi 2,4 GHz devices is ok…

I have checked all router configurations and it must be ok (port forwarding, url filters, ip filters…)


#8

Sounds like you’ve this issue olny on one PC? Do you have any iptables rules in pace that blocks access to this network via WiFi?


#9

Yep, Can you try the same thing against 1.1.1.1?
It doesn’t looks like your ISP is actually blocking 1.0.0.1


#10

This topic was automatically closed after 14 days. New replies are no longer allowed.