CF-DNS: EWR serving requests instead of GRU

I live in São Paulo, Brazil. If I connect to a VPN node in São Paulo it gets routed correctly and ping to 1.1.1.1 returns an average of 4ms. This is the tracert when I’m connected to the VPN:

tracert 1.1.1.1

Rastreando a rota para one.one.one.one [1.1.1.1]
com no máximo 30 saltos:

  1     3 ms     1 ms     1 ms  br-002.whiskergalaxy.com [177.54.144.67]
  2     3 ms     6 ms     7 ms  177.54.144.1
  3     4 ms     4 ms     2 ms  172.30.30.6
  4     5 ms     4 ms     2 ms  172.30.30.9
  5     7 ms     5 ms     5 ms  as13335.saopaulo.sp.ix.br [187.16.219.111]
  6     5 ms     5 ms     3 ms  one.one.one.one [1.1.1.1]

Rastreamento concluído.

Disconnected from the VPN I get an average of 115ms when I ping 1.1.1.1.

My debug link:

https://cloudflare-dns.com/help/#eyJpc0NmIjoiWWVzIiwiaXNEb3QiOiJObyIsImlzRG9oIjoiWWVzIiwicmVzb2x2ZXJJcC0xLjEuMS4xIjoiWWVzIiwicmVzb2x2ZXJJcC0xLjAuMC4xIjoiWWVzIiwicmVzb2x2ZXJJcC0yNjA2OjQ3MDA6NDcwMDo6MTExMSI6Ik5vIiwicmVzb2x2ZXJJcC0yNjA2OjQ3MDA6NDcwMDo6MTAwMSI6Ik5vIiwiZGF0YWNlbnRlckxvY2F0aW9uIjoiRVdSIiwiaXNXYXJwIjoiTm8iLCJpc3BOYW1lIjoiQ2xvdWRmbGFyZSIsImlzcEFzbiI6IjEzMzM1In0=

tracert 1.1.1.1

Rastreando a rota para one.one.one.one [1.1.1.1]
com no máximo 30 saltos:

  1    <1 ms    <1 ms    <1 ms  192.168.1.1
  2     3 ms     3 ms     2 ms  10.251.255.102
  3     2 ms    <1 ms    <1 ms  100.64.100.34
  4     3 ms     2 ms     2 ms  172.16.100.69
  5     2 ms     1 ms     2 ms  172.16.1.22
  6     2 ms     2 ms     1 ms  172.16.100.2
  7     4 ms    10 ms    11 ms  172.16.100.1
  8     3 ms     3 ms     2 ms  ae-1-1074.r01.saplbr01.br.bb.gin.ntt.net [200.15.2.221]
  9     *        *        *     Esgotado o tempo limite do pedido.
 10   115 ms   114 ms   115 ms  ae-19.r00.nycmny17.us.bb.gin.ntt.net [129.250.6.81]
 11   165 ms   115 ms   171 ms  ae-0.cloudflare.nycmny17.us.bb.gin.ntt.net [129.250.194.18]
 12   116 ms   116 ms   115 ms  one.one.one.one [1.1.1.1]

ping 1.1.1.1

Disparando 1.1.1.1 com 32 bytes de dados:
Resposta de 1.1.1.1: bytes=32 tempo=116ms TTL=52
Resposta de 1.1.1.1: bytes=32 tempo=115ms TTL=52
Resposta de 1.1.1.1: bytes=32 tempo=115ms TTL=52
Resposta de 1.1.1.1: bytes=32 tempo=115ms TTL=52

Estatísticas do Ping para 1.1.1.1:
    Pacotes: Enviados = 4, Recebidos = 4, Perdidos = 0 (0% de
             perda),
Aproximar um número redondo de vezes em milissegundos:
    Mínimo = 115ms, Máximo = 116ms, Média = 115ms

tracert 1.0.0.1

Rastreando a rota para one.one.one.one [1.0.0.1]
com no máximo 30 saltos:

  1    <1 ms    <1 ms    <1 ms  192.168.1.1
  2     1 ms     1 ms     1 ms  10.251.255.102
  3    <1 ms     3 ms     1 ms  100.64.100.34
  4     2 ms     4 ms     1 ms  172.16.100.69
  5     2 ms     2 ms     3 ms  172.16.1.22
  6     2 ms     2 ms     1 ms  172.16.100.2
  7     4 ms     3 ms     1 ms  172.16.100.1
  8     4 ms     5 ms     4 ms  ae-1-1074.r01.saplbr01.br.bb.gin.ntt.net [200.15.2.221]
  9     *        *        *     Esgotado o tempo limite do pedido.
 10   116 ms   113 ms   114 ms  ae-19.r00.nycmny17.us.bb.gin.ntt.net [129.250.6.81]
 11   115 ms   115 ms   137 ms  ae-0.cloudflare.nycmny17.us.bb.gin.ntt.net [129.250.194.18]
 12   116 ms   116 ms   116 ms  one.one.one.one [1.0.0.1]

ping 1.0.0.1

Disparando 1.0.0.1 com 32 bytes de dados:
Resposta de 1.0.0.1: bytes=32 tempo=115ms TTL=52
Resposta de 1.0.0.1: bytes=32 tempo=116ms TTL=52
Resposta de 1.0.0.1: bytes=32 tempo=116ms TTL=52
Resposta de 1.0.0.1: bytes=32 tempo=117ms TTL=52

Estatísticas do Ping para 1.0.0.1:
    Pacotes: Enviados = 4, Recebidos = 4, Perdidos = 0 (0% de
             perda),
Aproximar um número redondo de vezes em milissegundos:
    Mínimo = 115ms, Máximo = 117ms, Média = 116ms

nslookup -class=chaos -type=txt id.server 1.1.1.1

Servidor:  one.one.one.one
Address:  1.1.1.1

*** one.one.one.one não encontrou id.server: Query refused

nslookup -class=chaos -type=txt id.server 1.0.0.1

Servidor:  one.one.one.one
Address:  1.0.0.1

*** one.one.one.one não encontrou id.server: Query refused

dig +tcp @1.1.1.1 id.server CH TXT

; <<>> DiG 9.10.3-P4-Ubuntu <<>> +tcp @1.1.1.1 id.server CH TXT
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 56145
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;id.server.                     CH      TXT

;; Query time: 1 msec
;; SERVER: 1.1.1.1#53(1.1.1.1)
;; WHEN: Thu Dec 19 15:07:51 -03 2019
;; MSG SIZE  rcvd: 38

dig +tcp @1.0.0.1 id.server CH TXT

; <<>> DiG 9.10.3-P4-Ubuntu <<>> +tcp @1.0.0.1 id.server CH TXT
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 1809
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;id.server.                     CH      TXT

;; Query time: 2 msec
;; SERVER: 1.0.0.1#53(1.0.0.1)
;; WHEN: Thu Dec 19 15:08:21 -03 2019
;; MSG SIZE  rcvd: 38

TL;DR: if you live in Brazil, move to OpenDNS, Google or NextDNS (https://nextdns.io).

The problem persists. Talked to a few people using other Internet providers and they’re having the same problem. I couldn’t get any answers, so I stopped using Cloudflare’s DNS. Someone on Reddit recommended NextDNS to me – https://nextdns.io. Their service is much better!

Everything is customizable in NextDNS, it’s like using Pi-hole. You can block advertisements, specific social networks, pornography, P2P, etc. You can make domains (existing or not) point to the IP you want, so I no longer need to configure this on my Tomato router.

They offer DNS-over-HTTPS, DNS-over-TLS, IPv4 and IPv6.

I needed help with their Windows app and they tried every possible solution until my problem was resolved. In the end it was a setting in Windows; it wasn’t the app’s fault.

I’m glad that Cloudflare released this DNS service and that now we have more options, but honestly it’s not among the best at the moment. OpenDNS and Google are around 4ms, NextDNS at 25ms - almost 5 times higher than the others, but almost 5 times lower than Cloudflare, and the customization possibilities make it worthwhile.

1 Like
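An added example, not part of the original posts: a small Python triage helper for the diagnostics shown above. It parses Windows tracert output regardless of locale, finds the hop where the round-trip time jumps, and decodes the base64 JSON in a cloudflare-dns.com/help debug link. The function names and the 50 ms threshold are assumptions; the sample link is constructed, using field names the post's link decodes to.

```python
import base64, json, re
from urllib.parse import urlsplit

# Hop line: number, three RTT columns ("3 ms", "<1 ms" or "*"), then host or timeout text.
HOP = re.compile(r"^\s*(\d+)\s+((?:(?:<?\d+ ms|\*)\s+){3})(.*)$")

def parse_tracert(text):
    """Return [(hop, min_rtt_ms or None, host)]; works for any tracert locale."""
    hops = []
    for line in text.splitlines():
        m = HOP.match(line)
        if m:
            rtts = [int(n) for n in re.findall(r"(\d+) ms", m.group(2))]
            hops.append((int(m.group(1)), min(rtts) if rtts else None, m.group(3).strip()))
    return hops

def latency_jump(hops, threshold_ms=50):
    """Return (last_near_hop, first_far_hop) where min RTT rises by threshold_ms, else None."""
    prev = None
    for hop in hops:
        if hop[1] is None:          # hop did not answer ("* * *"): skip, keep comparing
            continue
        if prev and hop[1] - prev[1] >= threshold_ms:
            return prev, hop
        prev = hop
    return None

def decode_debug_link(url):
    """Decode the base64 JSON carried in the fragment of a cloudflare-dns.com/help link."""
    frag = urlsplit(url).fragment
    return json.loads(base64.b64decode(frag + "=" * (-len(frag) % 4)))

# Hops 7-12 of the non-VPN trace in the post.
SAMPLE_TRACE = """
  7     4 ms    10 ms    11 ms  172.16.100.1
  8     3 ms     3 ms     2 ms  ae-1-1074.r01.saplbr01.br.bb.gin.ntt.net [200.15.2.221]
  9     *        *        *     Esgotado o tempo limite do pedido.
 10   115 ms   114 ms   115 ms  ae-19.r00.nycmny17.us.bb.gin.ntt.net [129.250.6.81]
 11   165 ms   115 ms   171 ms  ae-0.cloudflare.nycmny17.us.bb.gin.ntt.net [129.250.194.18]
 12   116 ms   116 ms   115 ms  one.one.one.one [1.1.1.1]
"""
# Constructed link: two of the fields the post's link decodes to, re-encoded here.
SAMPLE_LINK = "https://cloudflare-dns.com/help/#" + base64.b64encode(
    json.dumps({"datacenterLocation": "EWR", "ispAsn": "13335"}).encode()).decode()

if __name__ == "__main__":
    near, far = latency_jump(parse_tracert(SAMPLE_TRACE))
    print("served from:", decode_debug_link(SAMPLE_LINK)["datacenterLocation"])
    print(f"RTT jumps between hop {near[0]} ({near[2]}) and hop {far[0]} ({far[2]})")
```

The router names on either side of the jump (saplbr01 and nycmny17 here) show where the path leaves the region, which is the detail worth including alongside the source IP and ASN in a routing report.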

Hi,

Would you please try again?

And please feel free to email [email protected] with more information (Your IP address/ISP ASN) if you still have an issue.

Thanks,
Frank

1 Like