The majority (all?) of Cloudflare web hosts, and the 1.1.1./1.0.0. family of public resolvers, all appear to be setting ToS byte 0x10 / DSCP 0x04 in ipv4 traffic. This affects all the cloudflare web hosts I could find, including this very website, and I can observe it from various VPN endpoints too, so it shouldn’t be the result of any ISP mangling. Pinging random hosts in AS13335 there are a few at least that don’t set this byte.
I’m curious why does Cloudflare set this byte? It seems to be present in icmp echo, dns/udp, and http/tcp packets alike. There is no RFC that describes the DSCP value 0x04 that I could find, and no ietf draft I could find either. What is the intended use of DSCP 0x04? Some kind of L4S experiment gone wrong?
I don’t think this is an issue really, but this byte apparently has an unfortunate interaction with some QoS setting on my parents’ router, causing severe packet loss to wireless clients on the network when communicating with these addresses, which I spent a long time troubleshooting for them the other day and was finally able to resolve.