Old 03-15-2024, 09:40 AM   #1
mw.decavia
Member
 
Registered: Feb 2024
Distribution: Slackware64-15 & Afterstep , oh my
Posts: 78

Rep: Reputation: 8
cloudflare dns not responding


A foolish question, but did cloudflare shut down its dns services (free or otherwise) without telling anyone?

I have been using xfinity now wifi pass, with an acceptable level of service. And using cloudflare dns (1.1.1.1 and 1.0.0.1) - standard dns udp:53 with dnssec.

But as of yesterday morning, many dns requests were being delayed by sometimes over 1 minute, and many other dns requests were failing completely after being delayed. And some being redirected through proxies to obviously wrong websites.

As of this morning, cloudflare dns is completely non-responsive. Both standard udp:53 dns and DoH tcp:443 (as implemented by Mozilla) fail on every request.

I am only able to post this message because I switched to xfinity's own dns servers (75.75.75.75 and 75.75.76.76).

Does anyone know more about this?
 
Old 03-15-2024, 11:06 AM   #2
TenTenths
Senior Member
 
Registered: Aug 2011
Location: Dublin
Distribution: Centos 5 / 6 / 7
Posts: 3,475

Rep: Reputation: 1553
1.1.1.1 and 1.0.0.1 are working just fine for me:
Code:
# nslookup
> tentenths.com
Server:         8.8.8.8
Address:        8.8.8.8#53

Non-authoritative answer:
Name:   tentenths.com
Address: 5.135.72.81
> server 1.1.1.1
Default server: 1.1.1.1
Address: 1.1.1.1#53
> tentenths.com
Server:         1.1.1.1
Address:        1.1.1.1#53

Non-authoritative answer:
Name:   tentenths.com
Address: 5.135.72.81
> server 1.0.0.1
Default server: 1.0.0.1
Address: 1.0.0.1#53
> tentenths.com
Server:         1.0.0.1
Address:        1.0.0.1#53

Non-authoritative answer:
Name:   tentenths.com
Address: 5.135.72.81
>
 
1 members found this post helpful.
Old 03-15-2024, 12:43 PM   #3
teckk
LQ Guru
 
Registered: Oct 2004
Distribution: Arch
Posts: 5,138
Blog Entries: 6

Rep: Reputation: 1827
Code:
dig @1.1.1.1 linuxquestions.org

; <<>> DiG 9.18.24 <<>> @1.1.1.1 linuxquestions.org
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49755
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;linuxquestions.org.            IN      A

;; ANSWER SECTION:
linuxquestions.org.     300     IN      A       35.244.195.25

;; Query time: 23 msec
;; SERVER: 1.1.1.1#53(1.1.1.1) (UDP)
;; WHEN: Fri Mar 15 12:42:21 CDT 2024
;; MSG SIZE  rcvd: 63

dig @8.8.8.8 linuxquestions.org

; <<>> DiG 9.18.24 <<>> @8.8.8.8 linuxquestions.org
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44705
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;linuxquestions.org.            IN      A

;; ANSWER SECTION:
linuxquestions.org.     300     IN      A       35.244.195.25

;; Query time: 46 msec
;; SERVER: 8.8.8.8#53(8.8.8.8) (UDP)
;; WHEN: Fri Mar 15 12:42:47 CDT 2024
;; MSG SIZE  rcvd: 63
 
1 members found this post helpful.
Old 03-15-2024, 05:49 PM   #4
mw.decavia
Member
 
Registered: Feb 2024
Distribution: Slackware64-15 & Afterstep , oh my
Posts: 78

Original Poster
Rep: Reputation: 8
Thank you both for answering, knowing that it was not happening to anyone else pointed me to focus my troubleshooting efforts at my end.

After several hours of troubleshooting, I found that the raspberry pi I have been using as a local dns cache with bind 9 had become hacked and seriously compromised. Must be from some remote hacker, because no one else but me had physical access.

The bind was 9.2, an out of date version, because that is what apt-get installed last summer.

The raspberry did not even have sshd enabled. I configured its memory card directly. So the security weakness must have been in bind 9.2.

I think I will move away from using bind. Maybe unbound would be safer?

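Posts #2 and #3 query the upstream resolvers directly; sending the same query to a local cache and comparing the answers is a quick check for the situation described in post #4. The script below is an added example, not part of any post in this thread: the local resolver address is supplied as an argument (the thread does not give one), and the values in `demo` are constructed.

```shell
#!/bin/sh
# Added example: compare A records served by a local caching resolver with
# the answers of upstream resolvers queried directly (as in posts #2 and #3).

# Read `dig +short` output on stdin; keep IPv4 lines only (drops CNAME lines),
# then sort, de-duplicate and join with commas so sets compare as strings.
normalise() {
    { grep -E '^[0-9]+(\.[0-9]+){3}$' || true; } | sort -u | paste -sd, -
}

# classify LOCAL_SET REF_SET...  -> OK | MISMATCH | LOCAL_NO_ANSWER | NO_REFERENCE
# MISMATCH is a prompt to investigate, not proof: CDN-hosted names can
# legitimately resolve differently per resolver.
classify() {
    local_set=$1; shift
    refs=0; agree=0
    for ref in "$@"; do
        [ -n "$ref" ] || continue            # reference timed out / empty
        refs=$((refs + 1))
        if [ "$ref" = "$local_set" ]; then agree=$((agree + 1)); fi
    done
    if [ "$refs" -eq 0 ]; then echo NO_REFERENCE
    elif [ -z "$local_set" ]; then echo LOCAL_NO_ANSWER
    elif [ "$agree" -gt 0 ]; then echo OK
    else echo MISMATCH
    fi
}

# query SERVER NAME: one short-timeout A lookup against a specific server.
query() {
    dig +short +time=3 +tries=1 "@$1" "$2" A 2>/dev/null | normalise
}

# check_name LOCAL_RESOLVER NAME: LOCAL_RESOLVER is your cache's address.
check_name() {
    classify "$(query "$1" "$2")" \
        "$(query 1.1.1.1 "$2")" "$(query 1.0.0.1 "$2")" "$(query 8.8.8.8 "$2")"
}

# Constructed sample: the cache hands out a documentation address (192.0.2.10)
# while both references return the address shown in post #3.
demo() { classify "192.0.2.10" "35.244.195.25" "35.244.195.25"; }

if [ "$#" -ge 2 ]; then check_name "$1" "$2"; fi
```

Run it as `sh script.sh <local-resolver-ip> linuxquestions.org`; a `LOCAL_NO_ANSWER` result while the references answer points at the cache rather than the upstream service.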
 
  

