Hey folks,

Anyone else having the issue: Cloudflare DNS services on its primary ip address 1.1.1.1 is inaccessible. But their backup/secondary 1.0.0.1 is accessible

#1: https://1.1.1.1 is inaccessible



#2: Regular DNS lookup requests to 1.1.1.1 fails



#3: Encrypted DNS over TLS to 1.1.1.1 fails (what the heck is dns over tls?)



Note that, pinging 1.1.1.1 works fine, 1.1.1.1 is responding. Traceroute looks fine not looking so good (edit2: 1.0.0.1 traceroute comparison added. looks like traffic to 1.1.1.1 via maxis is not making it to the cloudflare.myix.my (a local internet exchanging)).



1.1.1.1 appears to be accessible from other ISPs. I tested DiGi was accessible. The issue has been persisting since sometime last week. Called fault reporting @ maxis helpdesk at 123 but the support staff could not understand the problem (He tried change my maxis router's dns to google dns in an attempt to fix the problem) and did not assign a case id; and asked that I email custermersupport@maxis.com.my instead to resolve my issue. Emailed them on 15th Oct 2019, today is the 17th 24 hours no response what so ever; no acknowledgement of receiving my email.

Cloudflare is a major content delivery network (CDN) their servers don't usually go down for such an extended period of time. Is this: ignorance, incompetence or worse: shenanigans on Maxis's part?

EDIT: spelling

EDIT2: traceroute to 1.0.0.1 comparison added. looks like traffic to 1.1.1.1 via maxis is not making it to the cloudflare.myix.my (a local internet exchanging)

This post has been edited by lonewalker: Oct 17 2019, 07:57 PM

Problem with the Maxis network. Cloudflare network is ok from their status page.

Duh...obviously , I stated that was able to access with other local ISP on my post

This post has been edited by lonewalker: Oct 17 2019, 01:59 PM

No other choice then, have to wait for the Maxis network team to fix this problem. Complain to them also no use because the helpdesk people do not understand the problem.

Or jump to other ISP is the other choice.

How to fix, when network team no acknowledge problem? It was not a complain, it was a report.

Edited: for contex clarity

This post has been edited by lonewalker: Oct 17 2019, 01:59 PM

The one thing i learned about Customer Service reps is that these front liners are robots. Soulless, but cant blame them. They have to follow SOP ,or else they will get penalized . They cant simply go according to their way. They have to assume most customers are dumb ass.

Anything too technical they cant handle, they will pass it to their next level, technical dept.
And usually their technical dept will either say "no issue" or find reasons to say its "not" their fault.

I'm not saying you are abusing. But in their T&C goes like below:

https://www.maxis.com.my/terms-conditions/




Their engineers wont tell their customers nor bow down to the customers to give an exception to allow you to use CloudFare's DNS.

To solve the problem - Is to change telco.
Sorry to burst your bubble, but trust me, their engineers probably knew about it, and usually they wouldn't want to admit (that they are blocking it intentionally) to prevent customers 'abusing' the network.

Right now using YooDo aka Celcom and using CloudFare DNS too. No problem with it, and other public DNS.
Previously Umobile also no issue with Public DNS.

This post has been edited by SleeplessEyes: Oct 17 2019, 11:31 AM

Accessing cloudflare @ https://1.1.1.1 is not against the ToS nor illegal. Neither is using commands 'ping', 'nslookup' and 'kdig' in a command line prompt for network diagnostic purposes.

There is a misconfiguration, Cloudflare backup 1.0.0.1 is up and all expected services are up. Whether the misconfiguration was a deliberate attempt to block/intercept or not, (if it is) its is a sloppy one because cloudflare's secondary dns ip was seemingly untouched.

Any deliberate blocking of public dns infrastuture, eg. cloudflare (1.1.1.1)or google dns (8.8.8.8) is active censorship like https://www.pcmag.com/news/322126/turkey-bl...-3-dns-services

This post has been edited by lonewalker: Oct 17 2019, 01:59 PM

digi block 1.1.1.1 dns. at least for me.

Afaik, DNS over HTTPS using Cloudflare DNS 1.1.1.1 = is like a built-in browser VPN = makes it more difficult for the mobile telcos to do Deep Packet Inspection of the web traffic of their subscribers, in order to detect illegal users, eg those who put their phone SIM card inside a modified 4G modem-router(= IMEI changed/modified to a phone IMEI).
....... Maybe that's why.

Cloudflare also operates regular unencrypted DNS also on 1.1.1.1. Their VPN service is WARP+ which just released out from testing by limited users which is unrelated to the issue.

Google DNS also has encrypted version of DNS, DNS over TLS https://developers.google.com/speed/public-...cs/dns-over-tls
Encrypted DNS eg. DNS over TLS and DNS over HTTPS is expected to be adopted by next generation web browsers of Chrome and Firefox. https://www.bleepingcomputer.com/news/techn...aces-criticism/

This is Maxis Fiber I'm on ; baseless speculation;

This post has been edited by lonewalker: Oct 17 2019, 04:24 PM

It is UP on DiGi from my end. Mana ada block

on digi, for both 1.0.0.1 and 1.1.1.1

Nope. Works on Digi all the time. So far never been blocked by Digi.

Finally, someone who actually checks things instead of jumping to baseless speculation (and not replying for the sake of post count ).

How about 1.1.1.1 on https?

This post has been edited by lonewalker: Oct 17 2019, 01:53 PM

*

Maxis mobile phone users can also use Cloudflare's encrypted DNS over HTTPS 1.1.1.1 via a mobile browser.

For Maxis Fiber users, torrenting is illegal or not allowed or blocked. Maybe Cloudflare's encrypted DNS over HTTPS 1.1.1.1 can bypass the block. Maybe it is MCMC's directive to the ISPs to block Cloudflare's encrypted DNS over HTTPS 1.1.1.1

More purely baseless speculation; If its a block why block one not the entire thing 1.1.1.1 AND 1.0.0.1 (it is their back up, like 8.8.4.4 to Google DNS 8.8.8.8).

Why only Cloudflare 1.1.1.1? Other public DNS resolvers: Google DNS 8.8.8.8, 8.8.4.4? Cisco OpenDNS 208.67.222.222; 208.67.220.220? Quad9 9.9.9.9; 149.112.112.112? The rest no block?

This post has been edited by lonewalker: Oct 17 2019, 02:15 PM

Maxis does not make the law and cannot just declare something illegal, even if it declares so in their terms of of service (for the record they did not declare torrenting is illegal in their ToS).
Torrenting is legal, however distribution of files that infringing on copyrights/ related to illegal activities are NOT LEGAL.

Maxis does not block P2P protocols like torrents, however maxis reserves the right to manage the traffic in their network as they see fit, ie. prioritize/depriotize (traffic shape) certain internet traffic (VoIP, netflix, etc).
Torrents are not being blocked: I'm downloaded/seeding the opensource Raspbian Linux OS for the Pi SBCs just fine on maxis (at reasonable speeds mind you).

TL;DR: It is NEITHER. It is LEGAL / ALLOWED and NOT BLOCKED on Maxis. Please stop spreading disinformation / wrong information.

This post has been edited by lonewalker: Oct 17 2019, 03:13 PM

.
Sorry, it should be throttled, not blocked or illegal. But trying to bypass P2P throttling by the ISP is illegal.

https://www.maxis.com.my/support/products-a...one-home-fibre/

My words exactly

And please cite the source for this: (so that we all could learn something new today)
Hint: for something to be illegal in Malaysia you should start looking in Google: {something something} Act of Malaysia {insert year} ; Akta {something something} Malaysia {insert year}. for example: AKTA DADAH BERBAHAYA 1988

This post has been edited by lonewalker: Oct 17 2019, 03:46 PM

Afaik, the difference between Google DNS 8888/8844 and Cloudflare's DNS over HTTPS 1111 is encryption of web traffic in the latter but not in the former.

ISPs cannot see or inspect the latter without doing some serious hacking.