nanog mailing list archives
Re: 1.1.1.1 support?
From: Alexander Huynh via NANOG <nanog () nanog org>
Date: Wed, 22 Mar 2023 13:49:14 +0000
On 2023-03-22 10:36:03 +0200, Saku Ytti wrote:
Am I correct to understand that 1.1.1.1 only does support via community forum?
The community forum is our preferred method of support, yes.
Why not build a web form where they ask you to explain what is not working, in terms of automatically testable. Like no A record for X. Then after you submit this form, they test against all 1.1.1.1 and some 9.9.9.9 and 8.8.8.8 and if they find a difference in behaviour, the ticket is accepted and sent to someone who understands DNS? If there is no difference in behaviour, direct people to community forums.
I'll take this feedback to our developers.
https://community.cloudflare.com/t/1-1-1-1-wont-resolve-www-moi-gov-cy-in-lca-235m3/487469 https://community.cloudflare.com/t/1-1-1-1-failing-to-resolve/474228
I took a look at the above tickets, and it seems that one of the egress ranges from that datacenter cannot connect to the authoritative nameservers of `www.moi.gov.cy`: `ns01.gov.cy` and `ns02.gov.cy`.
Here's a redacted pcap for those who like details, showing no response:
IP a.b.c.d.56552 > 212.31.118.19.53: 51873+ [1au] A? www.moi.gov.cy. (55)
IP a.b.c.d.51718 > 212.31.118.20.53: 31021+ [1au] A? www.moi.gov.cy. (55)
TCP behaves similarly.
The source prefixes having issues connecting to 212.31.118.19 and
212.31.118.20 are: 172.68.130.0/24, while a neighbouring source prefix
172.68.171.0/24 seems to connect fine.
I'm filing an internal ticket right now to investigate, but I'd appreciate if you could also help us on your end for any possible solutions regarding this connectivity failure.
As a general note regarding the two community posts: the straight deep dive into technical information makes it more difficult for others to interpret the request. As you said in a later post here:
I know almost none of them will have the ability to understand why there is a problem or remediate it.
Not everyone in the Community Forum (nor our company) can pull out the specific datacenter used, the specific machine(s) used, and the source ASN from the `my.ip.fi` curl.
An preamble will greatly help in context.Thanks for reaching out and sorry that you had to escalate to another medium,
-- alex [at] e [dot] sc alexander [at] cloudflare [dot] com
Current thread:
- 1.1.1.1 support? Saku Ytti (Mar 22)
- Re: 1.1.1.1 support? Mark Andrews (Mar 22)
- Re: 1.1.1.1 support? Saku Ytti (Mar 22)
- RE: 1.1.1.1 support? Dennis Burgess (Mar 22)
- Re: 1.1.1.1 support? Saku Ytti (Mar 22)
- Re: 1.1.1.1 support? Matt Harris (Mar 22)
- Re: 1.1.1.1 support? Saku Ytti (Mar 22)
- Re: 1.1.1.1 support? Josh Luthman (Mar 22)
- Re: 1.1.1.1 support? Saku Ytti (Mar 22)
- Re: 1.1.1.1 support? Saku Ytti (Mar 22)
- Re: 1.1.1.1 support? Mark Andrews (Mar 22)
- Re: 1.1.1.1 support? Alexander Huynh via NANOG (Mar 22)
- Re: 1.1.1.1 support? Saku Ytti (Mar 22)