Cisco Meraki

Hi,

We have been using the Cloudflare name servers so far and I must say it was working fine.
Recently we have installed Meraki devices in our infrastructure.
But Cisco Meraki devices use the IP 1.1.1.1 for their internal use and they advise the other switches via ARP that they are the destination of the IP 1.1.1.1.
Meraki support has confirmed this behaviour.

The consequence is that our servers/workstations are not able to reach the Cloudflare IP 1.1.1.1.
For the moment, our DNS relies only on the IP 1.0.0.1. If it fails, we will be in the dark.

Does Cloudflare provide by chance a third name server IP that we can use for redundancy purposes?
If not, what other name servers shall we use? OpenDNS, Google, other?

Thanks

Cloudflare doesn’t provide a third IP, but the issue here is not Cloudflare’s. Cisco is improperly using someone else’s IP as private. There are specific ranges for doing this (and the 1.0.0.0/8 one was never in this list); they are to blame given the bad configuration they are pushing and have been pushing.

I would recommend firstly complaining to them (maybe once a sufficient number of complaints have been filed they will address it) and as a backup use any of the others. I personally prefer Google’s because they at least do not hijack failed requests, but others may differ for privacy concerns. There are also Quad9 (9.9.9.9, but there are variations based on filtering) and a myriad of others.

PS: I would also suggest setting up a local DNS server (usually the router has it already integrated) which then forwards to 1.1.1.1; it would reduce double queries for the same records with local caching.

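One way to check a segment for the behaviour described in this thread: on a Linux-based host or router whose neighbour table you can dump, flag entries whose IP lies outside the locally attached subnets, since an off-subnet address such as 1.1.1.1 should be reached through the gateway rather than resolved by ARP. This is an added example, not part of the original posts; the `ip -4 neigh show` sample, the 192.168.10.0/24 subnet, the MAC addresses and the function names are constructed assumptions.

```python
import ipaddress

# Constructed sample of `ip -4 neigh show` output. Addresses are made up and
# the MACs come from the documentation range 00:00:5e:00:53:xx.
SAMPLE_NEIGH = """\
192.168.10.1 dev eth0 lladdr 00:00:5e:00:53:01 REACHABLE
192.168.10.25 dev eth0 lladdr 00:00:5e:00:53:19 STALE
1.1.1.1 dev eth0 lladdr 00:00:5e:00:53:aa REACHABLE
192.168.10.77 dev eth0 FAILED
"""


def parse_neigh(text):
    """Yield (ip, dev, mac) for neighbour entries that resolved to a MAC."""
    for line in text.splitlines():
        tok = line.split()
        if "dev" not in tok or "lladdr" not in tok:
            continue  # FAILED / INCOMPLETE entries carry no link-layer address
        dev_i, mac_i = tok.index("dev") + 1, tok.index("lladdr") + 1
        if dev_i >= len(tok) or mac_i >= len(tok):
            continue  # truncated line
        try:
            ip = ipaddress.ip_address(tok[0])
        except ValueError:
            continue  # not an IP in the first column
        yield ip, tok[dev_i], tok[mac_i]


def off_subnet_neighbors(text, local_nets):
    """Return resolved neighbours whose IP is in none of the attached subnets.

    local_nets: CIDR strings for the subnets actually configured on this
    device (assumption: the operator supplies them).
    """
    nets = [ipaddress.ip_network(n) for n in local_nets]
    return [
        (str(ip), dev, mac)
        for ip, dev, mac in parse_neigh(text)
        if not any(ip in net for net in nets)
    ]


if __name__ == "__main__":
    for ip, dev, mac in off_subnet_neighbors(SAMPLE_NEIGH, ["192.168.10.0/24"]):
        print(f"{ip} is answered locally on {dev} by {mac}")
```

The MAC in a flagged entry identifies which device on the segment is claiming the address.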