I can't connect to 1.1.1.1 and 1.0.0.1 be redirected to the ISP


#1

#2

What is your ISP and router model if possible?


#3

Hi, I’m using dnscrypt-proxy 2.0.8 in a GNU/Linux amd64 system to try to use DoH with Cloudflare.
Everytime I try to run the script I get the following error:
$ dnscrypt-proxy

[2018-04-06 08:59:29] [NOTICE] Source [https://download.dnscrypt.info/resolvers-list/v2/public-resolvers.md] loaded
[2018-04-06 08:59:29] [NOTICE] dnscrypt-proxy 2.0.7
[2018-04-06 08:59:29] [NOTICE] Now [listening] to 127.0.0.1:53 [UDP]
[2018-04-06 08:59:29] [NOTICE] Now listening to 127.0.0.1:53 [TCP]
[2018-04-06 08:59:29] [NOTICE] Now listening to [::1]:53 [UDP]
[2018-04-06 08:59:29] [NOTICE] Now listening to [::1]:53 [TCP]
[2018-04-06 08:59:34] [ERROR] Get https://dns.cloudflare.com/dns-query?body=yv4BAAABAAAAAAABAAACAAEAACkQAAAAgAAAAA&ct=&dns=yv4BAAABAAAAAAABAAACAAEAACkQAAAAgAAAAA&random_padding=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)
[2018-04-06 08:59:34] [NOTICE] dnscrypt-proxy is waiting for at least one server to be reachable
^C[2018-04-06 08:59:51] [NOTICE] Stopped.

I tried changing some routers configs.
The only way it works is using a VPN before executing dnscrypt-proxy
Could you please help me? Thanks in advance.


#4

Can you ping the resolvers?
Try a MTR

‘ip a’ would be helpful as well


#5

1.1.1.1 resolvers
|------------------------------------------------------------------------------------------|
| WinMTR statistics |

Host 1.1.1.1 Sent Recv Best Avrg Wrst Last
10.0.0.1 - 0 61 61 1 15 133 4
No response from host - 100 12 0 0 0 0 0
No response from host - 100 12 0 0 0 0 0
Destination host unreachable. - 100 13 0 0 0 0 0
No response from host - 100 12 0 0 0 0 0
No response from host - 100 12 0 0 0 0 0
No response from host - 100 12 0 0 0 0 0
Destination host unreachable. - 100 14 0 0 0 0 0
No response from host - 100 12 0 0 0 0 0
No response from host - 100 12 0 0 0 0 0
No response from host - 100 12 0 0 0 0 0
Destination host unreachable. - 100 14 0 0 0 0 0
No response from host - 100 12 0 0 0 0 0
No response from host - 100 12 0 0 0 0 0
No response from host - 100 12 0 0 0 0 0
Destination host unreachable. - 100 14 0 0 0 0 0
Destination host unreachable. - 100 13 0 0 0 0 0
Destination host unreachable. - 100 13 0 0 0 0 0
Destination host unreachable. - 100 13 0 0 0 0 0
Destination host unreachable. - 100 13 0 0 0 0 0
Destination host unreachable. - 100 13 0 0 0 0 0
Destination host unreachable. - 100 14 0 0 0 0 0
Destination host unreachable. - 100 15 0 0 0 0 0
Destination host unreachable. - 100 13 0 0 0 0 0
Destination host unreachable. - 100 16 0 0 0 0 0
Destination host unreachable. - 100 15 0 0 0 0 0
Destination host unreachable. - 100 16 0 0 0 0 0
Destination host unreachable. - 100 15 0 0 0 0 0
Destination host unreachable. - 100 16 0 0 0 0 0
Destination host unreachable. - 100 15 0 0 0 0 0
________________________________________________ ______ ______ ______ ______ ______ ______

WinMTR v0.92
1.0.0.1 resolvers
|------------------------------------------------------------------------------------------|
| WinMTR statistics |

Host 1.0.0.1 Sent Recv Best Avrg Wrst Last
1dot1dot1dot1.cloudflare-dns.com - 0 30 30 1 10 138 1
________________________________________________ ______ ______ ______ ______ ______ ______

WinMTR v0.92


#6

My ISP is Viettel Telecom and my router model is TOTOLINK N151RT.


#7

Since you posted the result from WinMTR please add the output of ipconfig /all

10.0.01 is your router?
Interesting thing is that 1.0.0.1 isn’t reachable but the PTR is removed. (1dot1…cloudflaredns.com)

I guess your Linux is a virtual machine?


#8

I am using PC to perform this test.
This is ipconfig

Windows IP Configuration

Host Name . . . . . . . . . . . . : TMMXJE75H67CSFV
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : Fcname

Ethernet adapter Local Area Connection 2:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel® 82579V Gigabit Network Connection #2
Physical Address. . . . . . . . . : E8-9D-87-CE-A8-28
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Unknown adapter VPN - VPN Client:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : VPN Client Adapter - VPN
Physical Address. . . . . . . . . : 5E-DB-7B-39-91-96
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . : Fcname
Description . . . . . . . . . . . : Atheros AR938x Wireless Network Adapter
Physical Address. . . . . . . . . : D0-DF-9A-A6-C2-06
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::2caa:2d30:f9f6:7c0c%11(Preferred)
IPv4 Address. . . . . . . . . . . : 10.0.0.101(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Monday, August 20, 2018 8:19:02 AM
Lease Expires . . . . . . . . . . : Monday, August 20, 2018 11:29:45 AM
Default Gateway . . . . . . . . . : 10.0.0.1
DHCP Server . . . . . . . . . . . : 10.0.0.1
DHCPv6 IAID . . . . . . . . . . . : 248569754
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-22-E1-FD-B3-D0-DF-9A-A6-C2-06
DNS Servers . . . . . . . . . . . : 10.0.0.1
1.1.1.1
1.0.0.1
NetBIOS over Tcpip. . . . . . . . : Enabled


#9

And apparently, even 1.0.0.1 is redirected, since this is what dnscrypt-proxy tries to use when you select Cloudflare, hopefully working around 1.1.1.1 being blocked. But 1.0.0.1 is also frequently misused by networking gear and ISPs :frowning:

One thing you can do is just keep the server_names list empty. dnscrypt-proxy will automatically select the fastest alternative for you. You can also set require_dnssec to true to only include resolvers supporting DNSSEC.