Cloudflare public DNS broken w/ AT&T CPE

Wait. What?

Why do you think 1/8 shouldn’t be used for anything?


I didn't say that.

In case this is a non-native English issue, "nobody should have been using" is past tense, which is to say everyone squatting on 1/8 space for their own purposes because it was "unassigned" shouldn't have been doing that.


D-Link DMG-6661 as well.


Tons of it in the US in hotels, airports, and any number of other places that folks have already mentioned. Why we are still experimenting with IPv4 space is a bit of a mystery to me.


Yep, Because you should have been setting up your networks correctly in the first place. There's plenty of private space assigned, use it.


Rhys Williams

Because it would be wasteful not to use it???

Do you have one?

Do you know what is causing it to fail? i.e. IP on internal interface etc.

Marty Strong

dont know if this is a problem but seeing different as paths for and in UK as lands

2 ( 1.964 ms 72.824 ms 72.835 ms
3 ( 2.671 ms 2.577 ms 2.601 ms
4 ( 2.798 ms 2.897 ms 3.123 ms
5 * * *
6 * * *
7 ( 3.786 ms ( 2.542 ms ( 3.736 ms
8 * ( 3.350 ms *

2 ( 3.172 ms 3.154 ms 3.130 ms
3 ( 3.228 ms 3.525 ms 3.502 ms
4 ( 3.781 ms 3.869 ms 3.857 ms
5 * * *
6 ( 16.655 ms 9.496 ms 9.454 ms
7 ( 91.859 ms 2.484 ms 196.896 ms
8 ( 2.504 ms 2.804 ms 2.799 ms


If they are for redundancy, wouldn't it be preferable to route them to
different place to cover more fault scenarios.

I would complain if they are routed to same place.

"how many end users know about or care about DNS, even after reading snake oil advertisements."

None. Nobody cares.

Better start complaining then :slight_smile:

Kind regards,


I don't see how this is Cloudflare's fault really? Its the responsibility of network maintainers to... well, lets be blunt here, maintain their network.

If part of maintaining their network involves updating bogon routes/filters, then that's part of maintaining the network that can't be lapsed.

This is like the WISPs blaming Ubiquiti for their failure to update their CPEs and PtP devices for a security flaw that Ubnt released fix for more then a year before (and for not properly securing the management interfaces of their network devices).

Or even better, the morons who blocked all of even though a good portion of that block is live public IP space. I actually felt really bad for AOL having been assigned IP blocks from that space, since it had to have created customer complaints at times.

There's only one person to blame here, and it's not the RIRs or Cloudflare.

I believe at one point UBNT did block outside management access, but then their customers voiced to bring it back.

That said, I think they're taking security more seriously going forward.

* Hank Nussbacher:

Perhaps they are running all this to shake out exactly these type of
issues? I think that is exactly why APNIC research is called for.

And return another 2**24 addresses to the global IPv4 pool eventually?
That would indeed be a loadable goal.

I'm not entirely sure what Ubnt has changed lately, because I'm not a user of the Air* product lines (usually used by the WISPs), but I know on, for example the Unifi stuff, while the default password is ubnt/ubnt for the devices, as soon as they are paired with a controller, the password is set to a random long strong (on a per site basis).

I seem to remember on new EdgeRouter devices they do have you change the default password during initial web setup. CLI stuff, I think still have to manually change it from the default.

So yeah, big improvements.

That being said, either way, providers that fail to even basic setup tasks like changing the default password do deserve what happens to them.

(Note: I heavily use Ubnt's Unifi and Edge* product lines, so I'm probably biased in one way or another.)

Routing from ~150 locations, plenty of redundancy.

Marty Strong

I recommend to people (if they must use a public resolver) because Quad9/PCH serves local markets of all sizes with anycast nodes and peering, not just "major markets". Since I'm not in a major market I want to support those who support the small markets that are overlooked by the big guys.

So in all this discussion, what I'm finding interesting is that is actually more hops away from me than either or

Do you have one?

Yes, supplied by local broadband provider Vivo. FTTH GPON connection,
router with broadband and IPTV services.

Do you know what is causing it to fail? i.e. IP on internal interface etc.

Interface table:

eth5.2 (WAN2) Static 10.200.a.b Connected NONE
eth5.3 (WAN4) DHCP Unconfigured NONE 0
eth5.4 (WAN5) DHCP Unconfigured NONE 0
ppp0.1/eth5.1 (WAN1) PPPoE 179.x.y.z 200.d.e.f Connected
NONE 527200
ppp1/wan3g (WAN3) PPPoE Unconfigured NONE 0

IP Address
Subnet Mask
br0 Enable
br0:0 Enable

Routing table:

200.x.y.z UH 0 ppp0.1 U 0 br0 U 0 br0 U 0 eth5.2 UG 0 ppp0.1


Stop living in the 1900’s. Parts to 1/8 have be allocated to people for
years now.

1.0.0/24 and 1.2.3/24 have been used for various experiments but the rest
of 1/8 is being allocated for normal use (there may be a couple of more