Act fibernet is routing 1.1.1.1 to its own servers in Bangalore

madh123

Member
[OP]
Dec 8, 2015
28
6
ACT fibernet routed 1.1.1.1 and 1.0.0.1 to its own servers.

Tracing route to one.one.one.one [1.1.1.1]
over a maximum of 30 hops:

1 1 ms <1 ms <1 ms 192.168.1.1
2 604 ms 141 ms 2 ms 10.243.0.1
3 2 ms 2 ms 2 ms broadband.actcorp.in [202.83.20.205]
4 2 ms 3 ms 2 ms broadband.actcorp.in [202.83.26.1]
5 * * * Request timed out.
6 18 ms 19 ms 18 ms broadband.actcorp.in [183.82.14.133]
7 18 ms 18 ms 19 ms broadband.actcorp.in [183.82.14.158]
8 18 ms 17 ms 18 ms broadband.actcorp.in [183.82.12.38]
9 18 ms 17 ms 17 ms one.one.one.one [1.1.1.1]

Trace complete.

The usual route it should take is via Singapore or Paris, but ACT hijacked it, so if you are using 1.1.1.1 your queries are being forwarded to their US Datacenters.

traceroute to 1.1.1.1 (1.1.1.1), 20 hops max, 60 byte packets
2 * *
3 * *
4 100.64.16.165 (100.64.16.165) 0.501 ms 0.513 ms
5 52.95.67.209 (52.95.67.209) 1.946 ms 1.950 ms
6 52.95.66.108 (52.95.66.108) 8.785 ms 8.800 ms
7 52.95.66.91 (52.95.66.91) 1.945 ms 1.945 ms
8 115.114.89.121.static-Mumbai.vsnl.net.in (115.114.89.121) 2.070 ms 2.073 ms
9 * *
10 * *
11 * *
12 115.114.85.222 (115.114.85.222) 26.098 ms 26.065 ms
13 115.114.85.241 (115.114.85.241) 54.820 ms 54.846 ms
14 if-ae-13-2.tcore1.svw-singapore.as6453.net (180.87.36.83) 63.255 ms 63.239 ms
15 if-ae-11-2.thar1.svq-singapore.as6453.net (180.87.98.37) 55.635 ms 55.639 ms
16 if-ae-7-2.tcore1.svq-singapore.as6453.net (180.87.98.10) 63.100 ms 63.108 ms
17 120.29.215.101 (120.29.215.101) 59.641 ms 59.646 ms
18 one.one.one.one (1.1.1.1) 58.930 ms 58.934 ms

Don't know if it is being done to hijack the queries or it was done by mistake. I did not contact customer care because they don't understand anything about routing.


Here is the Cloudflare community post by me. Even Cloudflare replied that they cannot do anything about it.

 

Sushubh

Administrator
Oct 29, 2004
415,383
12,849
Gurugram
many isps in india block third party dns through this route. excitel is another one i believe.
you do have an option. use encrypted dns.
 

madh123

Yes, I have set up pihole, dnscrypt-proxy and enabled dnssec on a raspberry pi and am using it as my DNS server.
 


Sushubh

i thought dnssec is something that websites have to do and not user? i guess would have to read about it again!
 

achaudhary997

Regulars
Apr 15, 2018
96
33
Slightly off-topic. I have been hearing that excitel also blocks third party dns but couldn't verify it. How are you checking it?
Asking because I can use the Cloudflare dns and the traceroute to 1.1.1.1 is also correct.
 

Sushubh


what does this page show?

i switched from dnscrypt to 1.1.1.1 and this is my result on excitel.


this is on dnscrypt.

 



madh123

It shows AS number is 0 when I set my DNS to 1.1.1.1. Basically AS number (autonomous system number is assigned by APNIC for Asia) cannot be 0.
 

AgentX

The Secret Agent
Regulars
Dec 22, 2007
485
59
Chennai
OP is wrong - they're not hijacking at all. Cloudflare's 1.1.1.1 endpoints are everywhere, not just in Singapore. In this particular case with ACT's internal routing, it's reaching 1.1.1.1 located in Cloudflare's Hyderabad node.

You can verify if that's the case by looking at the link below:

You should see Cloudflare's response with appropriate 'colo' tag along with the datacenter location that's responsible for this. In my and your case, it would be colo=HYD just like yours, because ACT is routing most of Cloudflare to their Hyderabad location.
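
An added example, not part of the thread: a traceroute shows only the path to 1.1.1.1, so this sketch asks the resolver itself which site it is by sending a CHAOS-class TXT query for `id.server` over UDP and decoding the reply. It is a different check from the link mentioned above, and it assumes the resolver answers this query with its data-center code (such as the HYD mentioned in the post); the function names are made up for this example.

```python
import socket
import struct

CHAOS, TXT = 3, 16  # DNS class CH, record type TXT

def encode_name(name):  # dotted name -> length-prefixed DNS labels
    labels = name.strip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_query(name="id.server", txid=0x1234):
    """12-byte header (RD set, one question) plus a CHAOS TXT question."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", TXT, CHAOS)

def skip_name(msg, pos):
    """Offset just past a name, which may end in a compression pointer."""
    while True:
        length = msg[pos]
        if length & 0xC0 == 0xC0:
            return pos + 2
        pos += 1 + length
        if length == 0:
            return pos

def parse_txt_answers(msg, txid=0x1234):
    """TXT strings from the answer section; [] on error or ID mismatch."""
    rid, flags, qd, an, _, _ = struct.unpack("!HHHHHH", msg[:12])
    if rid != txid or not flags & 0x8000 or flags & 0x000F:
        return []
    pos = 12
    for _ in range(qd):
        pos = skip_name(msg, pos) + 4      # skip QTYPE and QCLASS
    texts = []
    for _ in range(an):
        pos = skip_name(msg, pos)
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[pos:pos + 10])
        rdata, pos = msg[pos + 10:pos + 10 + rdlen], pos + 10 + rdlen
        while rtype == TXT and rdata:      # TXT rdata: length-prefixed strings
            n = rdata[0]
            texts.append(rdata[1:1 + n].decode("ascii", "replace"))
            rdata = rdata[1 + n:]
    return texts

def resolver_site(server="1.1.1.1", timeout=3.0):
    """Ask the resolver which site it is (needs network access)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(), (server, 53))
        return parse_txt_answers(s.recv(512))
```

`resolver_site()` returns a list of strings. Plain UDP DNS is unauthenticated, so the result only describes whichever server actually answered the packet.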