MX records not served in my location

When I try to query MX records for any domain on 1.1.1.1 I just get an empty response. CNAMEs, As, and other records show just fine. Also one.one.one.one is not responding. Could it be that my ISP is blocking the requests? But then why only MX records?

Your ISP might possibly hijack requests to 1.1.1.1. What about 1.0.0.1?

Which operating system are you using?

Thanks for your response. I called my ISP and they deny any DNS filtering or anything; they say they will investigate on their side. And only MX records are affected, not any others, which is weird.

It is the same with 1.0.0.1, and also with 8.8.4.4 and 8.8.8.8, with the same error. HTTPS to 1.1.1.1 is also not working. Running dig (Linux, openSUSE), I get this:

❯ dig caih.org MX @1.1.1.1

; <<>> DiG 9.18.4 <<>> caih.org MX @1.1.1.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 27626
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;caih.org.                      IN      MX

;; Query time: 16 msec
;; SERVER: 1.1.1.1#53(1.1.1.1) (UDP)
;; WHEN: Mon Aug 01 13:32:56 -05 2022
;; MSG SIZE  rcvd: 37

tcpdump shows this:

13:33:15.816089 enp9s0u2u1u2 Out IP 192.168.8.170.49759 > one.one.one.one.domain: 928+ [1au] MX? caih.org. (49)
13:33:15.829652 enp9s0u2u1u2 In  IP one.one.one.one.domain > 192.168.8.170.49759: 928 Refused 0/0/1 (37)

Note the status: REFUSED

What’s the output of this command?

curl -H 'accept: application/dns-json' 'https://1.1.1.1/dns-query?name=caih.org&type=MX'
❯ curl -H 'accept: application/dns-json' 'https://1.1.1.1/dns-query?name=caih.org&type=MX'
curl: (7) Failed to connect to 1.1.1.1 port 443 after 1044 ms: No route to host

and

❯ tracepath 1.1.1.1
 1?: [LOCALHOST]                      pmtu 1500
 1:  192.168.8.1                                           8.192ms 
 1:  192.168.8.1                                           3.707ms 
 2:  192.168.200.1                                         7.012ms 
 3:  no reply
 4:  172.21.21.110                                        21.609ms 
 5:  200.124.224.54                                       19.161ms 
 6:  one.one.one.one                                      14.243ms !H
     Resume: pmtu 1500 

And:

❯ ping 1.1.1.1
PING 1.1.1.1 (1.1.1.1) 56(84) bytes of data.
64 bytes from 1.1.1.1: icmp_seq=1 ttl=59 time=17.2 ms
64 bytes from 1.1.1.1: icmp_seq=2 ttl=59 time=13.5 ms
64 bytes from 1.1.1.1: icmp_seq=3 ttl=59 time=13.6 ms
64 bytes from 1.1.1.1: icmp_seq=4 ttl=59 time=16.6 ms
64 bytes from 1.1.1.1: icmp_seq=5 ttl=59 time=11.9 ms
64 bytes from 1.1.1.1: icmp_seq=6 ttl=59 time=15.6 ms
^C
--- 1.1.1.1 ping statistics ---
6 packets transmitted, 6 received, 0% packet loss, time 5007ms
rtt min/avg/max/mdev = 11.941/14.757/17.221/1.876 ms

It really seems as if your ISP is hijacking that address.

What do these commands show?

curl -H 'accept: application/dns-json' 'https://1.0.0.1/dns-query?name=caih.org&type=MX'
dig caih.org MX @1.0.0.1
dig caih.org MX @8.8.8.8
ping 1.0.0.1
ping cloudflare.com
traceroute 1.0.0.1

Well, that pretty much says it - your ISP appears to hijack these IP addresses.

I get similar results. When I try other DNS servers I get correct responses. The ping times to Cloudflare are much higher and the traceroute is also much longer. The ISP responded that they might have some DNS caching for Cloudflare and public Google DNS that might be misconfigured.

Is DNS caching politically correct for address hijacking? :wink:
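The comparison the thread works through by hand (the same REFUSED from resolvers run by different operators, while another DNS server answers) can be scripted over saved dig output. This is an added example, not code from any poster in the thread; the function names, the OPERATOR map, the placeholder resolver 192.0.2.53 and the sample transcripts are constructed for illustration.

```python
import re

# Who runs each resolver. 192.0.2.53 is a placeholder for "another DNS server".
OPERATOR = {"1.1.1.1": "cloudflare", "1.0.0.1": "cloudflare",
            "8.8.8.8": "google", "8.8.4.4": "google", "192.0.2.53": "other"}

HEADER = re.compile(r"status: (\w+),.*?ANSWER: (\d+)", re.S)
SERVER = re.compile(r";; SERVER: ([0-9.]+)#")

def parse_dig(text):
    """Return (server, status, answer_count) from one dig transcript."""
    h, s = HEADER.search(text), SERVER.search(text)
    if not h or not s:
        raise ValueError("not a complete dig reply")
    return s.group(1), h.group(1), int(h.group(2))

def assess(transcripts):
    """Flag the thread's pattern: unrelated operators return the same
    error for a query that an independent resolver does answer."""
    failed, answered = {}, set()
    for t in transcripts:
        server, status, answers = parse_dig(t)
        op = OPERATOR.get(server, server)
        if status == "NOERROR" and answers > 0:
            answered.add(op)
        else:
            failed.setdefault(status, set()).add(op)
    # The same failure status seen from two or more distinct operators.
    shared = {st: ops for st, ops in failed.items() if len(ops) >= 2}
    if shared and answered:
        return "interception-suspected", shared
    # Without a working reference resolver the name itself may be broken.
    return ("inconclusive" if failed else "consistent"), failed

def sample(server, status, answers):
    """Build a constructed, header-only dig transcript for the demo."""
    return (f";; ->>HEADER<<- opcode: QUERY, status: {status}, id: 1\n"
            f";; flags: qr rd ra; QUERY: 1, ANSWER: {answers}, "
            f"AUTHORITY: 0, ADDITIONAL: 1\n"
            f";; SERVER: {server}#53({server}) (UDP)\n")

# Constructed inputs mirroring what the thread reports.
SAMPLES = [sample("1.1.1.1", "REFUSED", 0),
           sample("8.8.8.8", "REFUSED", 0),
           sample("192.0.2.53", "NOERROR", 1)]

if __name__ == "__main__":
    print(assess(SAMPLES))
```

A verdict of "inconclusive" means every queried resolver failed, so a reference query to a resolver reached over a different path is still needed before blaming the network.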
