Error in adding 1.1.1.1 in DNS Forwarders tab

[Screenshots: DNS Forwarder; Existing DNS Root Hints]

Hi,

I heard good things about using 1.1.1.1 in a DNS server. Please see the article: https://blog.cloudflare.com/announcing-1111/
So I wanted to use it in SBS2011 DNS manager, but I ran into an error when I plugged it in.
In the past, I have not entered any DNS here in the Forwarders tab so that it uses root hints.
Is anyone using 1.1.1.1 in the Forwarders tab in SBS2011?
Do you know why it is not accepting this IP address?
Should I add 1.1.1.1 in the Root Hints tab and move it to the top of the list?

Thanks.
sgleeAsked:
Mahesh (Architect) Commented:
It's not working at my server as well.

I am unable to telnet to it on TCP 53, and neither is it able to resolve any public records.

Until you are able to telnet to it on 53, it is not of use; what is happening at your end is expected.
sglee (Author) Commented:
I see. I tried to telnet into 8.8.8.8, 8.8.4.4, 198.41.0.4 ... they all respond.
But 1.1.1.1 did not respond.

Thanks for the information.
noci (Software Engineer) Commented:
DNS is not normally meant to run on TCP (telnet is TCP); that is used only for exceptionally large transfers, like zone transfers between master & slave. So you need to query using UDP...
Two tools for this: nslookup (although that also tends to look in the hosts file)
and dig (domain internet groper), which only talks with DNS servers.
On normally operating DNS servers TELNET SHOULD FAIL (except between Masters & Slaves).... (within AD it can be different, IDK).

So the right question is: does 1.1.1.1 answer queries...
First, what does traceroute show...: (i.e. is there a possible path to 1.1.1.1)
1.1.1.1 does answer ping requests.

So the next should work:
dig google.com @1.1.1.1

or this:
nslookup
lserver 1.1.1.1
google.com
sglee (Author) Commented:
@noci,

So what are you saying? Why did DNS manager generate an error when I entered 1.1.1.1?
noci (Software Engineer) Commented:
I do get answers:
$ ping 1.1.1.1
PING 1.1.1.1 (1.1.1.1) 56(84) bytes of data.
64 bytes from 1.1.1.1: icmp_seq=1 ttl=59 time=7.10 ms
64 bytes from 1.1.1.1: icmp_seq=2 ttl=59 time=8.22 ms
^C
--- 1.1.1.1 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 7.101/7.662/8.224/0.568 ms
$ nslookup
> lserver 1.1.1.1
Default server: 1.1.1.1
Address: 1.1.1.1#53
> google.com
Server:         1.1.1.1
Address:        1.1.1.1#53

Non-authoritative answer:
Name:   google.com
Address: 172.217.20.78
Name:   google.com
Address: 2a00:1450:400e:80a::200e
> 
$ dig google.com @1.1.1.1

; <<>> DiG 9.11.2-P1 <<>> google.com @1.1.1.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39378
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1536
;; QUESTION SECTION:
;google.com.                    IN      A

;; ANSWER SECTION:
google.com.             162     IN      A       172.217.20.78

;; Query time: 8 msec
;; SERVER: 1.1.1.1#53(1.1.1.1)
;; WHEN: do apr 12 21:27:29 CEST 2018
;; MSG SIZE  rcvd: 55

sglee (Author) Commented:
I do get replies too.
Pinging 1.1.1.1 with 32 bytes of data:
Reply from 1.1.1.1: bytes=32 time=1ms TTL=255
Reply from 1.1.1.1: bytes=32 time=2ms TTL=255
Reply from 1.1.1.1: bytes=32 time=2ms TTL=255
Reply from 1.1.1.1: bytes=32 time=2ms TTL=255

But why doesn't DNS manager find it?
noci (Software Engineer) Commented:
Can you do a dig or nslookup?.... Those are DNS query & check tools; they do legitimate DNS queries and present the answers.
Dig is best for this. And traceroute, does it show where it goes? You will need
traceroute -I 1.1.1.1

on Linux systems, and
tracert 1.1.1.1

on Windows.
1.1.1.1 has been used on some sites like: well, nobody in the world uses it and I need a dummy, so let's pick one... 1.. 1.1.1....
1 ms is ULTRA short..., like you are sitting IN the DNS server.... For fast network links, times should be in 10's of ms.
Mahesh (Architect) Commented:
It is possible that 1.1.1.1 is responsive from specific locations and not all locations like Google DNS.

I already tried with nslookup (not just telnet) and all queries timed out after setting up the default name server as 1.1.1.1.

Having said that, if this server is not working for the OP's region, he can't use that.

A successful ping is not a measure of DNS working.
noci (Software Engineer) Commented:
Agreed,
I am 4 hops away from the nearest 1.1.1.1 instance. Ping time is 6-8 ms on a link that is 100 Mbps, and it is about 30-50 km from where I am.
So 1 ms implies a much faster link than that or fewer hops.
On a localhost it would be <0.1 ms though, or 1 hop on 2 Gbps = <0.5 ms (<20m).

Some additional info:
ping 100 km, ADSL link 6 hops = ~10 ms.

Then there is the TTL... here 255... TTL starts from 255 (some systems) or 128 (others) or 64 (mostly);
every router subtracts one.... So 255 means NEXT hop is endpoint.
ping can tell how the packets traveled...
Windows:  ping -r 9 1.1.1.1
Linux: ping -R 1.1.1.1
(Not all systems may honour this)...

I still think this 1.1.1.1 is a pseudo interface on the Internet gateways or router used as default gateway.