Has Cloudflare or my ISP blocked access to 1.1.1.1?

Hello Cloudflare Community,

I’ve been a huge fan of 1.1.1.1 as my primary DNS server. Unfortunately, as of 2 days ago, I no longer can access it or the backup server as a means of upstream DNS for my private home network.

Some background info:

  • ISP: Xfinity/Comcast
  • WAN IP: Static since moving in (June 2018)
  • I host NGINX/Reverse Proxy & am careful regarding open ports
  • Work from home and benefit immensely from 1.1.1.1’s speed
  • Work = involves a TON of google searches
  • Around 1-2 months ago, I started receiving Captchas on a regular basis on various shopping sites
  • Within the last few weeks, it escalated to receiving “Access Restricted” error on several of those same pages
  • Captcha escalated and has spread across several other domains, requiring numerous entries to clear it
  • 2 days ago, my entire network spanning over several VLANs lost all internet access
  • After much testing, s/NAT reinforced 1.1.1.1 & 1.0.0.1 were the root cause
  • Pinging both Cloudflare IPs results in Destination Host Unreachable
  • However, when pinging from my parent’s router, connected through a VPN, I immediately get a response.

I’m 95% sure that either Xfinity or Cloudflare is restricting access to my beloved 1.1.1.1 DNS Server.

Before I try and battle it out with Xfinity, can someone confirm or deny that Cloudflare is the root cause? It could save me an immense amount of time.

Thank you so much

I should note that for my work, the fastest DNS resolution possible is paramount. I’ve tried using the top performing upstream providers, using DNS Benchmark, but I’m finding that certain domains still hang and take forever to load. I’m really not sure what my next step is.

You could try mtr or traceroute to see where the packet loss is happening.

I’ve tried. It exits my router and goes nowhere.

1 Like

FINALLY figured out the DNS resolution issue. I was organizing and rearranging VLAN subnets, and accidentally assigned 10.1.4.254/4 on port switch0.40 (ERX) instead of /24.

I figured it out by looking at my routing tables. It had two entries with 0.0.0.0 as their Destination, which is typically reserved for your WAN port.

For those of you who haven’t experienced an issue like this before, the behavior was bizarre. With my particular mishap, web sites would randomly choose to launch and then not launch minutes later. I knew something wacky was going on when I couldn’t ping Google’s DNS, Cloudflare’s, and half of DNS Benchmark’s list was unavailable.

1 Like
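An added example, not part of the original thread: it computes the connected route that an interface assignment such as 10.1.4.254/4 installs and lists which public resolvers fall inside it, since a connected route is more specific than the default route and the router then treats those addresses as on-link. The resolver list and the `audit` helper are constructed for illustration; only the interface name, the address and the two prefix lengths come from the post.

```python
import ipaddress

# RFC 1918 private ranges; a LAN interface's connected route should stay inside one.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed inventory: the assignment from the post beside the intended one.
INTERFACES = {
    "switch0.40 (as mistyped)": "10.1.4.254/4",
    "switch0.40 (as intended)": "10.1.4.254/24",
}

# Constructed sample of public resolvers to test against.
RESOLVERS = ["1.1.1.1", "1.0.0.1", "8.8.8.8", "9.9.9.9", "208.67.222.222"]


def connected_route(assignment):
    """Network the router installs as directly connected for this assignment."""
    return ipaddress.ip_interface(assignment).network


def shadowed(assignment, destinations):
    """Destinations the connected route captures ahead of the default route."""
    net = connected_route(assignment)
    return [d for d in destinations if ipaddress.ip_address(d) in net]


def audit(interfaces, destinations):
    """Flag assignments whose connected route spills outside RFC 1918 space."""
    report = {}
    for name, assignment in interfaces.items():
        net = connected_route(assignment)
        report[name] = {
            "connected_route": str(net),
            "first": str(net.network_address),
            "last": str(net.broadcast_address),
            "covers_public_space": not any(net.subnet_of(r) for r in RFC1918),
            "shadowed": shadowed(assignment, destinations),
        }
    return report


if __name__ == "__main__":
    for name, finding in audit(INTERFACES, RESOLVERS).items():
        print(name, finding)
```

The /4 assignment shows up as a 0.0.0.0 destination in the routing table, which matches the second 0.0.0.0 entry described in the last post.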