A entries set to local/private IPs do not resolve

Hello,

My domain’s DNS is on Cloudflare.

I had an A entry for oauth.provateknike.net set to the private IP 192.168.2.22. It worked fine.

Due to network reconfiguration I changed it to 192.168.1.22 and now DNS resolvers do not even answer for that query. Reverting it to .2.22 does not resolve the problem.

None of the addresses are proxied; CF is used only as DNS.

dig @1.1.1.1 oauth.provateknike.net

; <<>> DiG 9.10.6 <<>> @1.1.1.1 oauth.provateknike.net
; (1 server found)
;; global options: +cmd
;; connection timed out; no servers could be reached

The same problem happens with another domain as well (also with DNS on Cloudflare). A entries with a non-private IP resolve fine. It’s only private IPs that result in the above problems. Most troubling for me is the “servers could not be reached” message - seems like CF is flat out dropping the connection on that request.

Querying CF with DoH returns the correct IP, i.e. the problem seems limited to normal DNS.

curl -H 'accept: application/dns-json' 'https://cloudflare-dns.com/dns-query?name=oauth.provateknike.net&type=A' | jq .

Any idea?

Apparently my ISP is filtering all DNS replies that refer to private or local IPs - without notifying me about this.

Cloudflare is indeed working properly. Consider this thread solved.

1 Like

I’d recommend you look at DNS over TLS or DNS over HTTPS if your ISP intercepts DNS requests.

It is more likely that your ISP redirects all DNS queries to their own server instead of just “filtering” based on the response.

2 Likes
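The comparison made in this thread (plain DNS gets no reply, DoH returns the record), written out as an added example that is not part of the original posts. It parses a dns-json reply like the one the `curl` command above fetches and classifies the symptom. The function names, result labels and the sample reply body are assumptions constructed for illustration.

```python
import ipaddress
import json

# Constructed sample: the shape of a dns-json reply from cloudflare-dns.com
# for the A record discussed in the thread (type 1 = A). Not captured output.
SAMPLE_DOH_REPLY = json.dumps({
    "Status": 0,
    "Question": [{"name": "oauth.provateknike.net", "type": 1}],
    "Answer": [{"name": "oauth.provateknike.net", "type": 1,
                "TTL": 300, "data": "192.168.1.22"}],
})


def doh_a_records(body):
    """Return the A-record addresses from a dns-json reply body."""
    reply = json.loads(body)
    if reply.get("Status") != 0:          # non-zero RCODE: no usable answer
        return []
    return [ipaddress.ip_address(rr["data"])
            for rr in reply.get("Answer", []) if rr.get("type") == 1]


def is_non_public(addr):
    """True for private, loopback and link-local addresses."""
    return addr.is_private or addr.is_loopback or addr.is_link_local


def diagnose(plain_answers, doh_body):
    """Compare a plain UDP/53 lookup with a DoH lookup of the same name.

    plain_answers: list of address strings returned over plain DNS,
                   or None when the query timed out (as in the dig output).
    doh_body:      dns-json reply body for the same name and type.
    """
    doh = doh_a_records(doh_body)
    if not doh:
        return "doh-no-answer"
    if plain_answers is not None:
        plain = {ipaddress.ip_address(a) for a in plain_answers}
        return "consistent" if plain == set(doh) else "answers-differ"
    # Plain DNS got nothing back while DoH answered.
    if all(is_non_public(a) for a in doh):
        # Matches the thread: only private-IP answers go missing on port 53.
        return "private-answer-dropped-on-plain-dns"
    return "plain-dns-unreachable"


if __name__ == "__main__":
    print(diagnose(None, SAMPLE_DOH_REPLY))
```

Feed it the real lookups by passing the addresses from `dig +short` (or `None` on timeout) and the body returned by the DoH `curl` call.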
