Yet another Quadruple DNS?

dig google.com @1.1.1.1

Cloudflare?

Didn't find any news around it

Yeah, Cloudflare did a deal with Geoff Huston to use it. It’s reserved for “experimental use.”

                                -Bill

Many providers filter out 1.1.1.1 because too many people use it in their
examples/test code. I doubt that it's a usable IP/service.

Out of 1,000 RIPE Atlas Probes, only 34 report it as unreachable. Very good latency from those who can reach it.

https://atlas.ripe.net/measurements/11859210/#!general

Antonis

There’s at least one vendor *cough* cisco *cough* that has used it as
captive portal IP.

I’m not sure I would try to use it on a client machine because you don’t
know if you’ll reach the internet.

If you know you’re not on a closed network, you could use it instead of
the list of usual suspects, like 8.8.8.8 4.2.2.1 9.9.9.9 etc.

- Jared

Many providers filter out 1.1.1.1 because too many people use it in their
examples/test code. I doubt that it's a usable IP/service.

having previously globally announced 1.1.1.1 ... and some other of its
friends... not nearly enough people filter it.
We regularly saw ~10gbps+ of traffic to those prefixes.

1.1.1.0/24 and 1.0.0.0/24 both are APNIC's Lab Research Prefixes. APNIC,
probably doing some more data gathering on 1.1.1.1 and doesn't want to be
smashed with Gigs of traffic. Transit is still quite expensive in Aus :)

https://www.apnic.net/wp-content/uploads/prop-109/assets/prop-109-v001.txt

A reminder to go back and watch the awesome talk from Nanog 49 about this:

https://youtu.be/RBOPcLpQZ8w
https://www.nanog.org/meetings/nanog49/presentations/Monday/karir-1slash8.pdf

- Jared

1.1.1.0/24 and 1.0.0.0/24 both are APNIC's Lab Research Prefixes. APNIC,
probably doing some more data gathering on 1.1.1.1 and doesn't want to be
smashed with Gigs of traffic.

Doubtful. This is most assuredly going to be a commercial production
recursive DNS service. Matthew (CEO) has said as much on Twitter:
https://twitter.com/eastdakota/status/970214433598275584 and
https://twitter.com/eastdakota/status/970359846548549632

-David

Transit is still quite expensive in Aus :)

Yep, they’ve been trying to put something together in this space for several years. Sounds like it may be close now.

I can’t say I envy them their task, as it will be very difficult for them to differentiate in that space, since they don’t have OpenDNS’s many years of experience and fine-tuning and security services, nor Google’s brand-recognition. Verisign have had a reasonably good commercial offering in this space for years, and hardly anyone’s heard of it, for instance. I believe even Neustar does. And they’re all DNS specialists, rather than web-content specialists.

                                -Bill

Cute. I'm sure this engineering effort to centralize a distributed service will also go a long way to spur IPv6 adoption.

Also the very amusing

https://twitter.com/eastdakota/status/970359846548549632

Tony.

a message of 25 lines which said:

Out of 1,000 RIPE Atlas Probes, only 34 report it as unreachable.

It's still a lot for IPv4. And it measures only filtering, not hijacking
(which seems to exist, some probes get a DNS reply without the AD
bit, for instance).

Because of the heavy use of 1.1.1.1 in documentation, you can expect a
lot of networks to have trouble. Hey, 1.1.1.1 is even used in
Cloudflare's own documentation!
<Cloudflare API Documentation>

Why do we need this?

We already have 8.8.8.8 and 8.8.4.4.

And any reputable company or ISP should be running their own.

What purpose would this serve?

a message of 15 lines which said:

Also the very amusing

https://twitter.com/eastdakota/status/970359846548549632

Less amusing, for a DNS service, the brokenness of reverse service:

% dig -x 1.1.1.1

; <<>> DiG 9.10.3-P4-Debian <<>> -x 1.1.1.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 24536
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 4096
;; QUESTION SECTION:
;1.1.1.1.in-addr.arpa. IN PTR

;; Query time: 516 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Thu Mar 29 13:37:54 CEST 2018
;; MSG SIZE rcvd: 49

% dig @ns1.apnic.net. NS 1.1.1.in-addr.arpa

; <<>> DiG 9.10.3-P4-Debian <<>> @ns1.apnic.net. NS 1.1.1.in-addr.arpa
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48493
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 4, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 4096
;; QUESTION SECTION:
;1.1.1.in-addr.arpa. IN NS

;; AUTHORITY SECTION:
1.1.1.in-addr.arpa. 86400 IN NS ns7.cloudflare.com.
1.1.1.in-addr.arpa. 86400 IN NS ns3.cloudflare.com.
1.1.1.in-addr.arpa. 172800 IN NSEC 113.1.1.in-addr.arpa. NS RRSIG NSEC
1.1.1.in-addr.arpa. 172800 IN RRSIG NSEC 5 5 172800 (
        20180427150337 20180328140337 2371 1.in-addr.arpa.
        h44NAaTSpn5wvzTtddlUEKJ8+bikdaTDXnxh5M1bisO0
        /NibM7iWfwcuaaWPvNeOutMdA0OBxGwbmErattfyXbRI
        KWrBWopBkr8+uVo7BgBYBa2SqY7PdUyYIt40PTjwnsrl
        lxBgaHMe1yz6qvQh2oljUJL45HkJnVWoHnuTRq8= )

;; Query time: 317 msec
;; SERVER: 2001:dc0:2001:0:4608::25#53(2001:dc0:2001:0:4608::25)
;; WHEN: Thu Mar 29 13:38:05 CEST 2018
;; MSG SIZE rcvd: 313

% dig @ns7.cloudflare.com -x 1.1.1.1

; <<>> DiG 9.10.3-P4-Debian <<>> @ns7.cloudflare.com -x 1.1.1.1
; (4 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 10538
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 512
;; QUESTION SECTION:
;1.1.1.1.in-addr.arpa. IN PTR

;; Query time: 7 msec
;; SERVER: 2400:cb00:2049:1::a29f:606#53(2400:cb00:2049:1::a29f:606)
;; WHEN: Thu Mar 29 13:38:25 CEST 2018
;; MSG SIZE rcvd: 49

% dig @ns3.cloudflare.com -x 1.1.1.1

; <<>> DiG 9.10.3-P4-Debian <<>> @ns3.cloudflare.com -x 1.1.1.1
; (4 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 27962
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 512
;; QUESTION SECTION:
;1.1.1.1.in-addr.arpa. IN PTR

;; Query time: 6 msec
;; SERVER: 2400:cb00:2049:1::a29f:21#53(2400:cb00:2049:1::a29f:21)
;; WHEN: Thu Mar 29 13:38:33 CEST 2018
;; MSG SIZE rcvd: 49
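
Added example (not part of any post in this thread): a shell function that classifies a saved dig answer from its two header lines, separating a parent's referral from a lame child server (the REFUSED answers above) and marking resolver answers that lack the AD bit mentioned earlier in the thread. The function and sample names are made up for illustration.

```shell
#!/bin/sh
# Added example: classify a saved dig answer from its two header lines.
# Verdicts: resolver-failure | validated | unvalidated | lame |
#           authoritative | referral | unparsed
classify_dig() {
    awk '
    /^;; ->>HEADER<<-/ {
        for (i = 1; i < NF; i++)
            if ($i == "status:") { status = $(i + 1); sub(/,$/, "", status) }
    }
    /^;; flags:/ {
        line = $0
        sub(/^;; flags: */, "", line)   # drop the label
        sub(/;.*/, "", line)            # keep only the flag words
        flags = " " line " "
    }
    END {
        aa = index(flags, " aa ") > 0; ad = index(flags, " ad ") > 0
        ra = index(flags, " ra ") > 0
        # ad is only meaningful when the queried name is in a signed zone
        if (status == "") print "unparsed"
        else if (ra && status != "NOERROR") print "resolver-failure"
        else if (ra) print (ad ? "validated" : "unvalidated")
        else if (status == "REFUSED" || status == "SERVFAIL") print "lame"
        else if (aa) print "authoritative"
        else print "referral"
    }'
}

# Header lines copied from the dig answers quoted in the thread.
from_local_resolver() { printf '%s\n' \
    ';; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 24536' \
    ';; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1'; }
from_parent() { printf '%s\n' \
    ';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48493' \
    ';; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 4, ADDITIONAL: 1'; }
from_child() { printf '%s\n' \
    ';; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 10538' \
    ';; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1'; }
# Constructed sample (not from the thread): a resolver answer lacking ad.
no_ad() { printf '%s\n' \
    ';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1' \
    ';; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1'; }

for s in from_local_resolver from_parent from_child no_ad; do
    printf '%-20s %s\n' "$s" "$($s | classify_dig)"
done
```

Pipe a real answer through it with, for example, `dig @ns7.cloudflare.com -x 1.1.1.1 | classify_dig`.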

Oddly, Matt, we agree again.

a message of 7 lines which said:

We already have 8.8.8.8 and 8.8.4.4.

And 9.9.9.9 and several other public DNS resolvers.

And any reputable company or ISP should be running their own.

I fully agree.

What purpose would this serve?

In Europe, the most common technique of censorship is through lying
DNS resolvers. So, in order to go to forbidden Web sites (music and
film sharing, for instance), many users switched from the ISP's
resolver (which implements the censorship) to a public resolver. See
my talk at NANOG
<https://www.nanog.org/sites/default/files/Bortzmeyer_Dns-Based_Censorship.pdf>

Cloudflare’s website provides some more information: https://1.1.1.1/

According to Cloudflare’s CEO, we’ll have more news on 1/4, so in a few days.
https://twitter.com/eastdakota/status/979257292938911744

From their website I can see that it is a low latency and privacy oriented service. Now whether it’s actually needed, I think there’s place for it in the market. Currently in Greece, 8.8.8.8 is ~65ms away. This is 11ms away.

Antonis

On 2018-03-29, Stephane Bortzmeyer <bortzmeyer@nic.fr> sent:

From 1.1.1.1 website:

Cloudflare DNS resolver: