US, TDS Fiber, ActionTec T3200M block 1111 and 1001

US TDS Fiber (wicked fast! :grinning: )using ActionTec T3200M router, running all the OSes: Fedora, Ubuntu, Raspian, Android, even Windows. Can’t reach 1.1.1.1. Here are tests:

$ dig example.com @1.1.1.1

; <<>> DiG 9.11.13-RedHat-9.11.13-2.fc30 <<>> example.com @1.1.1.1
;; global options: +cmd
;; connection timed out; no servers could be reached

$ dig example.com @1.0.0.1

; <<>> DiG 9.11.13-RedHat-9.11.13-2.fc30 <<>> example.com @1.0.0.1
;; global options: +cmd
;; connection timed out; no servers could be reached

$ dig example.com @8.8.8.8

; <<>> DiG 9.11.13-RedHat-9.11.13-2.fc30 <<>> example.com @8.8.8.8
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48891
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;example.com. IN A

;; ANSWER SECTION:
example.com. 7382 IN A 93.184.216.34

;; Query time: 14 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Tue Dec 31 16:55:07 EST 2019
;; MSG SIZE rcvd: 56

$ dig +short CHAOS TXT id.server @1.1.1.1
;; connection timed out; no servers could be reached

$ dig +short CHAOS TXT id.server @1.0.0.1
;; connection timed out; no servers could be reached

$ traceroute 1.1.1.1
traceroute to 1.1.1.1 (1.1.1.1), 30 hops max, 60 byte packets
1 _gateway (192.168.1.1) 3.821 ms 3.758 ms 3.710 ms
2 _gateway (192.168.1.1) 3055.260 ms !H 3055.264 ms !H 3055.230 ms !H

$ traceroute 1.0.0.1
traceroute to 1.0.0.1 (1.0.0.1), 30 hops max, 60 byte packets
1 _gateway (192.168.1.1) 3.339 ms 3.221 ms 3.155 ms
2 _gateway (192.168.1.1) 3028.722 ms !H 3028.679 ms !H 3030.091 ms !H

$ dig +tcp @1.1.1.1 id.server CH TXT
;; Connection to 1.1.1.1#53(1.1.1.1) for id.server failed: host unreachable.

$ dig +tcp @1.0.0.1 id.server CH TXT
;; Connection to 1.0.0.1#53(1.0.0.1) for id.server failed: host unreachable.

$ openssl s_client -connect 1.1.1.1:853
140354131887936:error:02002071:system library:connect:No route to host:crypto/bio/b_sock2.c:110:
140354131887936:error:2008A067:BIO routines:BIO_connect:connect error:crypto/bio/b_sock2.c:111:
connect:errno=113

$ openssl s_client -connect 1.0.0.1:853
140454055118656:error:02002071:system library:connect:No route to host:crypto/bio/b_sock2.c:110:
140454055118656:error:2008A067:BIO routines:BIO_connect:connect error:crypto/bio/b_sock2.c:111:
connect:errno=113

$ curl -H ‘accept: application/dns-json’ ‘https://cloudflare-dns.com/dns-query?name=cloudflare.com&type=AAAA
{“Status”: 0,“TC”: false,“RD”: true, “RA”: true, “AD”: true,“CD”: false,“Question”:[{“name”: “cloudflare.com.”, “type”: 28}],“Answer”:[{“name”: “cloudflare.com.”, “type”: 28, “TTL”: 151, “data”: “2606:4700::6811:af55”},{“name”: “cloudflare.com.”, “type”: 28, “TTL”: 151, “data”: “2606:4700::6811:b055”}]}

Is the T3200M connected to an ONT via the RJ-45 WAN port? If so, do you have another device you can swap out temporarily to rule out the T3200M? If not, is it connected via MoCA (coax) or RJ-11 (DSL)?

1 Like

Of course, how embarrassing. I can swap out the router for a test. :facepalm:

Thanks, @Zenexer !

The ActionTec T3200M connects to WAN via an RJ-45, I guess to the Optical Network Terminal.

Sure enough, an old dusty D-Link DIR-655 dragged out of the back of the closet connected to 1.1.1.1 fine: via a browser, using dig and all the other tests:

$ dig example.com @1.1.1.1

; <<>> DiG 9.11.13-RedHat-9.11.13-2.fc30 <<>> example.com @1.1.1.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6695
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1452
;; QUESTION SECTION:
;example.com. IN A

;; ANSWER SECTION:
example.com. 8851 IN A 93.184.216.34

;; Query time: 14 msec
;; SERVER: 1.1.1.1#53(1.1.1.1)
;; WHEN: Wed Jan 01 14:12:57 EST 2020
;; MSG SIZE rcvd: 56

$ dig +short CHAOS TXT id.server @1.1.1.1
“IAD”

$ dig +tcp @1.1.1.1 id.server CH TXT

; <<>> DiG 9.11.13-RedHat-9.11.13-2.fc30 <<>> +tcp @1.1.1.1 id.server CH TXT
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29188
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1452
;; QUESTION SECTION:
;id.server. CH TXT

;; ANSWER SECTION:
id.server. 0 CH TXT “IAD”

;; Query time: 16 msec
;; SERVER: 1.1.1.1#53(1.1.1.1)
;; WHEN: Wed Jan 01 14:13:51 EST 2020
;; MSG SIZE rcvd: 54

$ traceroute 1.1.1.1
traceroute to 1.1.1.1 (1.1.1.1), 30 hops max, 60 byte packets
1 * _gateway (192.168.1.1) 0.605 ms 0.721 ms
2 * cntcnhhed11-dy1001-secondary24.network.tds.net (96.61.80.1) 2.547 ms 2.833 ms
3 h64-50-239-76.mdsnwi.tisp.static.tds.net (64.50.239.76) 11.308 ms 11.336 ms 11.374 ms
4 206.126.237.30 (206.126.237.30) 17.568 ms 19.959 ms 17.543 ms
5 one.one.one.one (1.1.1.1) 16.936 ms 19.164 ms 16.934 ms

I will pursue with my ISP to see if they have updated router or firmware available.

Trouble ticket sent to the TDS ISP resulted in a support call where the support engineer disclaimed “advanced” use of network configurations. Suggested I try configuring a machine on the DMZ, which almost sounds reasonable. Tested it out today but since it is really still going through the same router, I got the same result: ping/traceroute/nslookups get stuck in the router and timeout after 3 seconds, as shown above in this thread.

So, I’m inclined to note the ActionTec T3200M as “NOT COMPATIBLE” with 1.1.1.1

One more kink, though: using an Android phone with the 1.1.1.1 app, WiFi only going through the same router, phone data turned off, successfully connects to 1.1.1.1 – how can a phone app bypass my broken router!!! Turning off the 1.1.1.1 app on the phone results in the expected “The site can’t be reached” https://1.1.1.1 is unreachable. So the 1.1.1.1 app is doing some kind of routing around the broken router.

Because it’s a VPN and not connecting to 1.1.1.1 to establish the VPN connection. A VPN is needed to use 1.1.1.1 as DNS server on mobile networks, because you can’t change them on your own.

Update your firmware.

Reference: (referring back to this thread :rofl:)

1 Like

Update: I posted a request to TDS tp be notified when the v11 update was available and TDS scheduled an onsite with a technician. After reviewing the situation, we concluded the v11 update was still in an interim state (and previous versions had knocked out the TDSTV portions of the router) so being the Friday before a bowl weekend, elected to hold off. Central office support claims version 12 is likely to be available in a matter of weeks and worth waiting for. Version 12 should be an “over the air” overnight update not requiring onsite service.

This has prio 1! Absolutely… :sweat_smile::wink: