Cloudflare test

The cloudflare site for verifying several items

https://www.cloudflare.com/ssl/encrypted-sni/# shows a “?” for secure DNS.

I am using DOH and do not know what that represents.

I am now getting on Dec-10-2019 the following results with DNSSEC having a question mark. My ISP Vmedia inc is having DNS problems although I do not know why it should affect cloudflares connections information.

That is a check to see if you use a DNSSEC validating resolver. Most DNS resolvers don’t validate DNSSEC. A few, like 1.1.1.1 and 8.8.8.8 do. Not sure what Cloudflare connection issues you might be having, but that’s not what this screen shows/tests.

I am using DNS over https which uses 1.1.1.1 and the value for DNSSEC changed as I have shown.

What does a question mark mean? The cloudflare IP it is resolving through is 108.162.240.42.

There is explanatory text below the question mark.

Since I have already read the text below this suggest a problem with Cloudflare script in the YYZ, toronto, Canada area.

At the top it says cloudflare 1.1.1.1/help says “connected to 1.1.1.1” is no. But a traceroute say connectivity is avaialble
3 3.52.251.198.in-addr.arpa (198.251.52.3) 83.099 ms 99.973 ms 71.763 ms
4 198.251.49.89 (198.251.49.89) 61.350 ms 59.827 ms 68.642 ms
5 198.251.51.56 (198.251.51.56) 67.104 ms * 54.204 ms
6 198.251.50.16 (198.251.50.16) 99.505 ms 62.177 ms 107.851 ms
7 cloudflare.ip4.torontointernetxchange.net (206.108.34.208) 64.368 ms 67.654 ms 66.780 ms
8 one.one.one.one (1.1.1.1) 71.262 ms 71.030 ms 67.443 ms

Below the cloudflare connectivity says “connectivity to resolver IP address” is yes.

That page says you can connect to 1.1.1.1 however higher up on the page (the first check) says connected to 1.1.1.1 - No. That appears to coincide with the first screenshot which also indicates you may be using a DNS resolver which isn’t 1.1.1.1. The second screenshot also shows you’re not using DoH.

It could be you are and the scripts we have don’t detect it. Determining these things is an imperfect science given multiple ways of configuring DNS resolution on client machines/networks /applications.

So it could be the script is not detecting based on your configuration yes. But the most recent screenshot and the first seem to say the same thing. So if they are broken they are likely broken in the same way.

Is there a specific issue you’re having?

/s/ second to third where appropriate… Too many screenshots in this thread.

The reason I know DOH is working is Firefox shows TRR, Trusted recursive resolver as true for the sites I am visiting.
I also tried a different location in YYZ using DOH, DNS 108.162.240.117 also gave the same results.

the problem has resolved itself 13-Dec-2019. It appears Cloudflare was performing some sort of upgrade but there status page nor this forum had any reports of the issue.