Why are DNS queries using Cloudflare's 1.1.1.1 server timing out?

While attempting to use the 1.1.1.1 DNS service provided by Cloudflare on my home network, all queries timed out. I am a CenturyLink fibre (now renamed Quantum Fiber) customer. Why?

"Use" here means adding it as an explicit DNS resolver on a Mac, a Windows 10 PC and a Linux server using DNSMasq as a DNS forwarder.


Solution 1:

Answer

The answer in my case is that the telco equipment commonly used in older installations by CenturyLink treats 1.1.1.1 as a "special address" that is not forwarded – it is used as a captive portal address.

To solve the problem: use the alternate address for the service, 1.0.0.1, instead. This also applies if you want to use Cloudflare's DNS over HTTPS solution with 1.1.1.1. This assumes that you can't update the router firmware to address this issue.


Further Information

The router provided by the telco to me is a Technicolor C2100T.

This presentation from Cloudflare (pages 14-16) identifies this model and others as exhibiting this behavior:

  • Pace (Arris) 5268
  • D-Link DMG-6661
  • Technicolor C2100T
  • Calix GigaCenter – fixed 2018/Jun/12 thanks to a USER
  • Nomadix (model(s) unknown)
  • Xerox Phaser MFP
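
A quick way to confirm this symptom from a client on the affected network, as an added example that is not part of the original answers: the script sends the same UDP query to 1.1.1.1 and 1.0.0.1 and compares the outcomes. The function names, the `example.com` test name and the 2-second timeout are assumptions chosen for illustration.

```python
import secrets, socket, struct

RESOLVERS = ("1.1.1.1", "1.0.0.1")  # the two Cloudflare addresses named in the answer

def build_query(name, txid):
    """Encode a minimal DNS query: RD set, one question, type A, class IN."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    parts = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in parts) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)

def check_response(data, txid):
    """Return (rcode, answer_count) if data is a reply to txid, else None."""
    if len(data) < 12:
        return None
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    if rid != txid or not flags & 0x8000:  # wrong ID, or QR bit clear (not a reply)
        return None
    return flags & 0x000F, ancount

def probe(server, name="example.com", timeout=2.0):
    """Send one UDP query to server:53 and report 'ok', 'timeout' or 'error'."""
    txid = secrets.randbelow(0x10000)  # unpredictable transaction ID
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((server, 53))  # only accept datagrams from this address
            s.send(build_query(name, txid))
            data = s.recv(512)
        except socket.timeout:
            return "timeout"
        except OSError:
            return "error"
    return "ok" if check_response(data, txid) else "error"

def diagnose(results):
    """Map probe results for both resolvers to the cases discussed on this page."""
    primary, alternate = results["1.1.1.1"], results["1.0.0.1"]
    if primary == "ok":
        return "1.1.1.1 answers"
    if alternate == "ok":
        return "only 1.1.1.1 fails: check router handling of 1.1.1.1 or an IDS rule on 1.1.1.0/24"
    return "both fail: not specific to 1.1.1.1"

if __name__ == "__main__":
    results = {r: probe(r) for r in RESOLVERS}
    for server, outcome in results.items():
        print(f"{server}: {outcome}")
    print(diagnose(results))
```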

Solution 2:

Although the OP has answered their own question for their particular situation, I would like to point out another possible answer in the event that others may have a similar and related issue, one which I have had.

If using Suricata, such as with pfSense, there is a rule (with similar and related consequences):

#ET POLICY Connection to previously unallocated address space 1.1.1.0/24
suppress gen_id 1, sig_id 2017000

If the rule is disabled or configured to alert only (and not drop), the problem is solved.