Cannot connect to 1.1.1.1 on AT&T


#1

Here is the requested data:

Nathaniels-MacBook-Pro:~ nathanielsuchy$ traceroute 1.1.1.1
traceroute to 1.1.1.1 (1.1.1.1), 64 hops max, 52 byte packets
 1  1dot1dot1dot1.cloudflare-dns.com (1.1.1.1)  3.268 ms  2.839 ms  3.001 ms

Nathaniels-MacBook-Pro:~ nathanielsuchy$ traceroute 1.0.0.1
traceroute to 1.0.0.1 (1.0.0.1), 64 hops max, 52 byte packets
 1  192.168.1.254 (192.168.1.254)  4.303 ms  3.431 ms  3.020 ms
 2  104-185-76-1.lightspeed.rlghnc.sbcglobal.net (104.185.76.1)  84.717 ms  4.738 ms  4.072 ms
 3  99.173.77.30 (99.173.77.30)  6.662 ms  5.222 ms  4.698 ms
 4  99.134.77.86 (99.134.77.86)  6.385 ms  8.092 ms  5.777 ms
 5  99.134.77.45 (99.134.77.45)  5.831 ms  6.009 ms  6.896 ms
 6  12.83.103.33 (12.83.103.33)  7.248 ms
    12.83.103.13 (12.83.103.13)  5.478 ms  5.382 ms
 7  12.123.138.178 (12.123.138.178)  13.760 ms  20.682 ms  18.949 ms
 8  12.122.2.190 (12.122.2.190)  16.582 ms  19.881 ms  17.056 ms
 9  12.122.113.37 (12.122.113.37)  17.181 ms  16.297 ms  16.937 ms
10  192.205.37.54 (192.205.37.54)  14.838 ms  14.648 ms  14.219 ms
11  ae-0.cloudflare.asbnva02.us.bb.gin.ntt.net (131.103.117.34)  15.097 ms  14.408 ms  13.879 ms
12  1dot1dot1dot1.cloudflare-dns.com (1.0.0.1)  14.880 ms  15.412 ms  14.792 ms

Nathaniels-MacBook-Pro:~ nathanielsuchy$  dig +short CHAOS TXT id.server @1.1.1.1
[nothing happens]

CNathaniels-MacBook-Pro:~ nathanielsuchy$ dig +short CHAOS TXT id.server @1.0.0.1
"iad02"

Nathaniels-MacBook-Pro:~ nathanielsuchy$ dig +tcp @1.1.1.1 id.server CH TXT
;; Connection to 1.1.1.1#53(1.1.1.1) for id.server failed: connection refused.

Nathaniels-MacBook-Pro:~ nathanielsuchy$ dig +tcp @1.0.0.1 id.server CH TXT

; <<>> DiG 9.8.3-P1 <<>> +tcp @1.0.0.1 id.server CH TXT
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21737
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;id.server.			CH	TXT

;; ANSWER SECTION:
id.server.		0	CH	TXT	"iad02"

;; Query time: 15 msec
;; SERVER: 1.0.0.1#53(1.0.0.1)
;; WHEN: Tue May 15 16:07:25 2018
;; MSG SIZE  rcvd: 45

Nathaniels-MacBook-Pro:~ nathanielsuchy$ openssl s_client -connect 1.1.1.1:853
connect: Connection refused
connect:errno=61
Nathaniels-MacBook-Pro:~ nathanielsuchy$ openssl s_client -connect 1.0.0.1:853
CONNECTED(00000003)
1424:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:/BuildRoot/Library/Caches/com.apple.xbs/Sources/OpenSSL098/OpenSSL098-64.50.7/src/ssl/s23_lib.c:185:


SBCGlobal possibly blocking 1.1.1.1?


#2

Do you have an Arris BGW router?


#3

I do not have physical access to the router.


#4

Your Internet modem/WiFi connection device has improperly claimed 1.1.1.1. Sometimes it’s a device made by Arris. So, whatever brand device you have, it’s not letting 1.1.1.1 through.


#5

This is a known issue for AT&T Internet users. Both Cloudflare and AT&T are aware of it. Two models of AT&T’s gateways, the Pace 5268AC and the Arris BGW-210, cannot reach the Cloudflare DNS service properly because both gateways are currently reserving and using the 1.1.1.1 address internally for certain functionality. Like I said, AT&T has acknowledged this issue and said it will be fixed through a firmware update. No idea when AT&T will have that firmware update ready and begin to roll it out, though. I’m sure it’s being worked on right now, but even when it’s done I’d say at least 2 weeks or so of internal testing before AT&T starts to slowly deploy the update in batches to customers. That’s the way they always roll out firmware updates to the gateways. My random guess is about 2 to 3 months before the firmware fix for this is starting to roll out.

However, in the meantime there is a simple workaround: if you are in an area where AT&T has deployed native dual-stack IPv6 service, you can use the IPv6 Cloudflare DNS address with no problem at all. I live in Arkansas in a town of about 30k and AT&T deployed IPv6 here over a year ago, so odds are good you have it. To check, look at this status page of your gateway:

http://192.168.1.254/cgi-bin/broadbandstatistics.ha
Scroll down to the section labeled “ipv6” and if it looks the same as mine, showing available native IPv6, you’re good to go.

I have AT&T Internet and the BGW-210 gateway and did a test just to make sure really quick, and Cloudflare’s DNS service works perfectly when using their IPv6 address instead of 1.1.1.1. Below are the two Cloudflare DNS IPv6 addresses:

2606:4700:4700::1111

2606:4700:4700::1001
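
An added example, not part of any post in this thread: a shell function that reads traceroute output and reports the hop at which the target address itself answers. A public resolver address answering at hop 1, as in the first post's trace to 1.1.1.1, means a device on the local network owns that address, which matches the gateway explanation in posts #4 and #5. The function names are illustrative, and the sample input is the first post's output (the 1.0.0.1 trace abridged).

```shell
#!/bin/sh
# Added example: classify traceroute output by the hop where the target answers.

# classify_trace (illustrative name): traceroute output on stdin, one verdict line out.
classify_trace() {
  awk '
    # Header: "traceroute to 1.1.1.1 (1.1.1.1), 64 hops max, ..."
    /^traceroute to / { target = $4; gsub(/[(),]/, "", target); next }
    {
      # Hop lines start with the hop number. Continuation lines (a second
      # router answering for the same TTL) have no number and keep the last one.
      if ($1 ~ /^[0-9]+$/) hop = $1 + 0
      # Responder addresses are printed in parentheses after the name.
      for (i = 1; i <= NF; i++) {
        ip = $i
        if (ip ~ /^\([0-9.]+\)$/) {
          gsub(/[()]/, "", ip)
          if (ip == target && !found) found = hop
        }
      }
    }
    END {
      if (target == "")    print "no-header"
      else if (!found)     print "incomplete " target
      else if (found == 1) print "local " target " answered at hop 1"
      else                 print "routed " target " answered at hop " found
    }'
}

# Sample input copied from the first post.
sample_first_hop() {
  cat <<'EOF'
traceroute to 1.1.1.1 (1.1.1.1), 64 hops max, 52 byte packets
 1  1dot1dot1dot1.cloudflare-dns.com (1.1.1.1)  3.268 ms  2.839 ms  3.001 ms
EOF
}

# Sample input from the first post, abridged to hops 1, 6 and 12.
sample_routed() {
  cat <<'EOF'
traceroute to 1.0.0.1 (1.0.0.1), 64 hops max, 52 byte packets
 1  192.168.1.254 (192.168.1.254)  4.303 ms  3.431 ms  3.020 ms
 6  12.83.103.33 (12.83.103.33)  7.248 ms
    12.83.103.13 (12.83.103.13)  5.478 ms  5.382 ms
12  1dot1dot1dot1.cloudflare-dns.com (1.0.0.1)  14.880 ms  15.412 ms  14.792 ms
EOF
}

printf '1.1.1.1: %s\n' "$(sample_first_hop | classify_trace)"
printf '1.0.0.1: %s\n' "$(sample_routed | classify_trace)"
```

The reverse-DNS name shown at hop 1 comes from a PTR lookup on the address and says nothing about which device actually answered.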