Re: Cloudflare 1.1.1.1 public DNS broken w/ AT CPE

On 04/02/2018 11:58 AM, Rhys Williams wrote: Yep, Because you should have been setting up your networks correctly in the first place. There's plenty of private space assigned, use it. Regards, Rhys Williams April 2, 2018 4:54 PM, "Simon Lockhart" wrote: and now suddenly

Re: Cloudflare 1.1.1.1 public DNS broken w/ AT CPE

Yep, Because you should have been setting up your networks correctly in the first place. There's plenty of private space assigned, use it. Regards, Rhys Williams April 2, 2018 4:54 PM, "Simon Lockhart" wrote: > and now suddenly it's our responsibility to make significant

Re: Cloudflare 1.1.1.1 public DNS broken w/ AT CPE

Re: Cloudflare 1.1.1.1 public DNS broken w/ AT CPE

Still believe in santa ? ;-) Good luck with that. Best regards. 2018-04-03 8:37 GMT+02:00 Marty Strong via NANOG : > Orange France is known, they just didn’t tell us the exact reason. > > They said that if you contact them, they’ll provide you with an official >

Re: Cloudflare 1.1.1.1 public DNS broken w/ AT CPE

Orange France is known, they just didn’t tell us the exact reason. They said that if you contact them, they’ll provide you with an official explanation. Regards, Marty Strong -- Cloudflare - AS13335 Network Engineer ma...@cloudflare.com +44 7584 906 055

Re: Cloudflare 1.1.1.1 public DNS broken w/ AT CPE

Hello, On Mon, 2 Apr 2018 16:26:13 +0100 Marty Strong via NANOG wrote: > So far we know about a few CPEs which answer for 1.1.1.1 themselves: > > - Pace 5268 > - Calix GigaCenter > - Various Cisco Wifi access points > > If you know of others please send them my way so we can

Re: Cloudflare 1.1.1.1 public DNS broken w/ AT CPE

On 4/2/18 5:10 PM, Mark Andrews wrote: On 3 Apr 2018, at 1:39 am, Seth Mattinen wrote: On 4/2/18 8:35 AM, Simon Lockhart wrote: This looks like a willy-waving exercise by Cloudflare coming up with the lowest quad-digit IP. They must have known that this would cause routing

Re: Cloudflare 1.1.1.1 public DNS broken w/ AT CPE

> On 3 Apr 2018, at 1:39 am, Seth Mattinen wrote: > > On 4/2/18 8:35 AM, Simon Lockhart wrote: >> This looks like a willy-waving exercise by Cloudflare coming up with the >> lowest >> quad-digit IP. They must have known that this would cause routing issues, and >> now

Re: Cloudflare 1.1.1.1 public DNS broken w/ AT CPE

On Mon, Apr 2, 2018 at 4:32 PM, Marty Strong wrote: > Do you have one? > Yes, supplied by local broadband provider Vivo. FTTH GPON connection, router with broadband and IPTV services. > Do you know what is causing it to fail? i.e. IP on internal interface etc. >

Re: UBNT Security was Re: Cloudflare 1.1.1.1 public DNS broken w/ AT CPE

On 4/2/2018 3:23 PM, Mike Hammett wrote: I believe at one point UBNT did block outside management access, but then their customers voiced to bring it back. That said, I think they're taking security more seriously going forward. I'm not entirely sure what Ubnt has changed lately, because

Re: Cloudflare 1.1.1.1 public DNS broken w/ AT CPE

* Hank Nussbacher: > Perhaps they are running all  this to shake out exactly these type of > issues?  I think that is exactly why APNIC research is called for. And return another 2**24 addresses to the global IPv4 pool eventually? That would indeed be a loadable goal.

UBNT Security was Re: Cloudflare 1.1.1.1 public DNS broken w/ AT CPE

://www.midwest-ix.com - Original Message - From: "Brielle Bruns" <br...@2mbit.com> To: nanog@nanog.org Sent: Monday, April 2, 2018 4:20:38 PM Subject: Re: Cloudflare 1.1.1.1 public DNS broken w/ AT CPE On 4/2/2018 9:35 AM, Simon Lockhart wrote: > Quite. > > This

Re: Cloudflare 1.1.1.1 public DNS broken w/ AT CPE

On 4/2/2018 9:35 AM, Simon Lockhart wrote: Quite. This looks like a willy-waving exercise by Cloudflare coming up with the lowest quad-digit IP. They must have known that this would cause routing issues, and now suddenly it's our responsibility to make significant changes to live

Re: Cloudflare 1.1.1.1 public DNS broken w/ AT CPE

Do you have one? Do you know what is causing it to fail? i.e. IP on internal interface etc. Regards, Marty Strong -- Cloudflare - AS13335 Network Engineer ma...@cloudflare.com +44 7584 906 055 smartflare (Skype) https://www.peeringdb.com/asn/13335 > On 2 Apr

Re: Cloudflare 1.1.1.1 public DNS broken w/ AT CPE

Because it would be wasteful not to use it??? > On Apr 2, 2018, at 11:48, Brett Watson wrote: > > > >> On Apr 2, 2018, at 10:18, John Levine wrote: >> >> In article <7db5fac7-972a-4eb6-89d9-b305a7233...@cloudflare.com> you write: >>> If you know of

Re: Cloudflare 1.1.1.1 public DNS broken w/ AT CPE

> On Apr 2, 2018, at 10:18, John Levine wrote: > > In article <7db5fac7-972a-4eb6-89d9-b305a7233...@cloudflare.com> you write: >> If you know of others please send them my way so we can investigate. > > A lot of hotel and coffee shop captive portals use it for the login > and

Re: Cloudflare 1.1.1.1 public DNS broken w/ AT CPE

D-Link DMG-6661 as well. Rubens On Mon, Apr 2, 2018 at 12:26 PM, Marty Strong via NANOG wrote: > So far we know about a few CPEs which answer for 1.1.1.1 themselves: > > - Pace 5268 > - Calix GigaCenter > - Various Cisco Wifi access points > > If you know of others please

Re: Cloudflare 1.1.1.1 public DNS broken w/ AT CPE

On 4/2/18 10:49, David Conrad wrote: Wait. What? Why do you think 1/8 shouldn’t be used for anything? I didn't say that. In case this is a non-native English issue, "nobody should have been using" is past tense, which is to say everyone squatting on 1/8 space for their own purposes

Re: Cloudflare 1.1.1.1 public DNS broken w/ AT CPE

Wait. What? Why do you think 1/8 shouldn’t be used for anything? Regards, -drc -- > On Monday, Apr 02, 2018 at 11:40 AM, Seth Mattinen (mailto:se...@rollernet.us)> wrote: > On 4/2/18 8:35 AM, Simon Lockhart wrote: > > > > This looks like a willy-waving exercise by

Re: Cloudflare 1.1.1.1 public DNS broken w/ AT CPE

In article <7db5fac7-972a-4eb6-89d9-b305a7233...@cloudflare.com> you write: >If you know of others please send them my way so we can investigate. A lot of hotel and coffee shop captive portals use it for the login and logout screens. Don't know what the underlying software is, but wander around

Re: Cloudflare 1.1.1.1 public DNS broken w/ AT CPE

thats probably a key part of the experiment - to find locations and systems where 1.1.1.1 is trashed. it should be routable and its about time that vendors stopped messing around in that space - hopefully this is one of the sticks that prods people to start to behave - at which point 1.0.0.0/8

Re: Cloudflare 1.1.1.1 public DNS broken w/ AT CPE

On 02/04/2018 18:35, Simon Lockhart wrote: > On Mon Apr 02, 2018 at 11:17:47AM -0400, John Levine wrote: >> So it's routed deliberately but it sure looks like an experiment. >> There's way too much equipment that treats 1.1.1.1 as magic for it to >> work reliably. Captive portals tend to use that

Re: Cloudflare 1.1.1.1 public DNS broken w/ AT CPE

> On Apr 2, 2018, at 11:35 AM, Simon Lockhart wrote: > > … > This looks like a willy-waving exercise by Cloudflare coming up with the > lowest > quad-digit IP. They must have known that this would cause routing issues, and > now suddenly it's our responsibility to make

Re: Cloudflare 1.1.1.1 public DNS broken w/ AT CPE

This looks like a willy-waving exercise by Cloudflare coming up with the lowest quad-digit IP. They must have known that this would cause routing issues, and now suddenly it's our responsibility to make significant changes to live infrastructures just so they can continue to look clever with the

Re: Cloudflare 1.1.1.1 public DNS broken w/ AT CPE

On Mon, Apr 2, 2018, at 8:35 AM, Simon Lockhart wrote: > quad-digit IP. They must have known that this would cause routing issues, and > now suddenly it's our responsibility to make significant changes to live > infrastructures just so they can continue to look clever with the IP address. In this

Re: Cloudflare 1.1.1.1 public DNS broken w/ AT CPE

On 4/2/18 8:35 AM, Simon Lockhart wrote: This looks like a willy-waving exercise by Cloudflare coming up with the lowest quad-digit IP. They must have known that this would cause routing issues, and now suddenly it's our responsibility to make significant changes to live infrastructures just so

Re: Cloudflare 1.1.1.1 public DNS broken w/ AT CPE

On Mon Apr 02, 2018 at 11:17:47AM -0400, John Levine wrote: > So it's routed deliberately but it sure looks like an experiment. > There's way too much equipment that treats 1.1.1.1 as magic for it to > work reliably. Captive portals tend to use that address for the host > you contact to log out.

Re: Cloudflare 1.1.1.1 public DNS broken w/ AT CPE

“Routed briefly for passive testing” sounds to me like “black hole it because legitimate traffic shouldn’t be coming to your network from it” > On Apr 2, 2018, at 11:23, Jason Kuehl wrote: > > Not saying you're wrong. But people did it for whatever reason. > >> On

Re: Cloudflare 1.1.1.1 public DNS broken w/ AT CPE

So far we know about a few CPEs which answer for 1.1.1.1 themselves: - Pace 5268 - Calix GigaCenter - Various Cisco Wifi access points If you know of others please send them my way so we can investigate. Regards, Marty Strong -- Cloudflare - AS13335 Network

Re: Cloudflare 1.1.1.1 public DNS broken w/ AT CPE

Not saying you're wrong. But people did it for whatever reason. On Mon, Apr 2, 2018 at 11:12 AM, Justin Wilson wrote: > 1.0.0.0/8 was assigned to APNIC in 2010. Those who used it as a > placeholder were doing it wrong. It is valid IP space. It just was not > assigned until

Re: Cloudflare 1.1.1.1 public DNS broken w/ AT CPE

In article <20180402150821.ga24...@cmadams.net> you write: >Once upon a time, Matt Hoppes said: >> Seeing as how 1.1.1.1 isn’t suppose to be routed > >[citation needed] Look at the WHOIS info -- 1.1.1.0/24 is assigned to APNIC Research, and it says remarks:

Re: Cloudflare 1.1.1.1 public DNS broken w/ AT CPE

Just like "S3 dependency check day" Thus begins "National 1.1.1.1 change week" I've already around a few peaces of equipment sets with 1.1.1.1 On Mon, Apr 2, 2018 at 11:05 AM, Matt Hoppes < mattli...@rivervalleyinternet.net> wrote: > Seeing as how 1.1.1.1 isn’t suppose to be routed I’m not

Re: Cloudflare 1.1.1.1 public DNS broken w/ AT CPE

1.0.0.0/8 was assigned to APNIC in 2010. Those who used it as a placeholder were doing it wrong. It is valid IP space. It just was not assigned until 2010. Justin Wilson j...@mtin.net www.mtin.net www.midwest-ix.com > On Apr 2, 2018, at 11:05 AM, Matt Hoppes

RE: Cloudflare 1.1.1.1 public DNS broken w/ AT CPE

: NANOG <nanog-boun...@nanog.org> On Behalf Of Darin Steffl Sent: Monday, April 02, 2018 11:03 AM To: North American Network Operators' Group <nanog@nanog.org> Subject: Re: Cloudflare 1.1.1.1 public DNS broken w/ AT CPE I am behind a Calix router at home for my ISP and 1.1.1.1 goes

Re: Cloudflare 1.1.1.1 public DNS broken w/ AT CPE

Once upon a time, Matt Hoppes said: > Seeing as how 1.1.1.1 isn’t suppose to be routed [citation needed] -- Chris Adams

Re: Cloudflare 1.1.1.1 public DNS broken w/ AT CPE

Seeing as how 1.1.1.1 isn’t suppose to be routed I’m not surprised this is causing odd issues. > On Apr 2, 2018, at 11:03, Darin Steffl wrote: > > I am behind a Calix router at home for my ISP and 1.1.1.1 goes to my router > and not any further. When I enter the IP

Re: Cloudflare 1.1.1.1 public DNS broken w/ AT CPE

I am behind a Calix router at home for my ISP and 1.1.1.1 goes to my router and not any further. When I enter the IP into my browser, it opens the login page for my router. So it appears 1.1.1.1 is used as a loopback in my Calix router. 1.0.0.1 goes to the proper place fine. On Sun, Apr 1, 2018

Cloudflare 1.1.1.1 public DNS broken w/ AT CPE

Greetings, If anyone at 7018 wants to pass a message along to the correct folks, please let them know that Cloudflare's new public DNS service (1.1.1.1) is completely unusable for at least some of AT's customers. There is apparently a bug with some CPE (including the 5268AC). From behind such