Act fibernet is routing 1.1.1.1 to its own servers in Bangalore

  • Thread starter Thread starter madh123
  • Start date Start date
  • Replies Replies 54
  • Views Views 16,424
M

madh123

Messages
28
Location
NA
ISP
ACT Fibernet
ACT fibernet routed 1.1.1.1 and 1.0.0.1 to its own servers.

Tracing route to one.one.one.one [1.1.1.1]
over a maximum of 30 hops:

1 1 ms <1 ms <1 ms 192.168.1.1
2 604 ms 141 ms 2 ms 10.243.0.1
3 2 ms 2 ms 2 ms broadband.actcorp.in [202.83.20.205]
4 2 ms 3 ms 2 ms broadband.actcorp.in [202.83.26.1]
5 * * * Request timed out.
6 18 ms 19 ms 18 ms broadband.actcorp.in [183.82.14.133]
7 18 ms 18 ms 19 ms broadband.actcorp.in [183.82.14.158]
8 18 ms 17 ms 18 ms broadband.actcorp.in [183.82.12.38]
9 18 ms 17 ms 17 ms one.one.one.one [1.1.1.1]

Trace complete.

Usual route it should take is via Singapore or Paris but ACT hijacked it so if you are using 1.1.1.1 your queries are being forwarded to their US Datacenters

traceroute to 1.1.1.1 (1.1.1.1), 20 hops max, 60 byte packets
2 * *
3 * *
4 100.64.16.165 (100.64.16.165) 0.501 ms 0.513 ms
5 52.95.67.209 (52.95.67.209) 1.946 ms 1.950 ms
6 52.95.66.108 (52.95.66.108) 8.785 ms 8.800 ms
7 52.95.66.91 (52.95.66.91) 1.945 ms 1.945 ms
8 115.114.89.121.static-Mumbai.vsnl.net.in (115.114.89.121) 2.070 ms 2.073 ms
9 * *
10 * *
11 * *
12 115.114.85.222 (115.114.85.222) 26.098 ms 26.065 ms
13 115.114.85.241 (115.114.85.241) 54.820 ms 54.846 ms
14 if-ae-13-2.tcore1.svw-singapore.as6453.net (180.87.36.83) 63.255 ms 63.239 ms
15 if-ae-11-2.thar1.svq-singapore.as6453.net (180.87.98.37) 55.635 ms 55.639 ms
16 if-ae-7-2.tcore1.svq-singapore.as6453.net (180.87.98.10) 63.100 ms 63.108 ms
17 120.29.215.101 (120.29.215.101) 59.641 ms 59.646 ms
18 one.one.one.one (1.1.1.1) 58.930 ms 58.934 ms

Don't know if it is being done to hijack the queries or it was done by mistake. I did not contact customer care because they dont understand anything about routing


Here is cloudflare community post by me. Even cloudflare replied they cannot do anything about it.

community.cloudflare.com

1.1.1.1 and 1.0.0.1 routed to its own servers by Indian ISP ACT fibernet

Looks like Indian ISP ACT fibernet routed 1.1.1.1 and 1.0.0.1 to its own servers. Please look at the traceroute attached. Its not normal. Tracing route to one.one.one.one [1.1.1.1] over a maximum of 30 hops: 1 1 ms <1 ms <1 ms 192.168.1.1 2 604 ms 141 ms 2 ms 10.243.0.1...
community.cloudflare.com community.cloudflare.com
 
Last edited:
many isps in india block third party dns through this route. excitel is another one i believe.
you do have an option. use encrypted dns.
 
i thought dnssec is something that websites have to do and not user? i guess would have to read about it again!
 
Slightly offtopic. I have been hearing that excitel also blocks third part dns but couldn't verify it. How are you checking it.?
Asking because I can use the cloudfare dns and the traceroute to 1.1.1.1 is also correct.
 
cloudflare-dns.com

1.1.1.1 â the Internetâs Fastest, Privacy-First DNS Resolver

âï¸âï¸ Browse a faster, more private internet.
cloudflare-dns.com cloudflare-dns.com

what does this page show?

i switched from dnscrypt to 1.1.1.1 and this is my result on excitel.

cloudflare-dns.com

1.1.1.1 â the Internetâs Fastest, Privacy-First DNS Resolver

âï¸âï¸ Browse a faster, more private internet.
cloudflare-dns.com cloudflare-dns.com

this is on dnscrypt.

cloudflare-dns.com

1.1.1.1 â the Internetâs Fastest, Privacy-First DNS Resolver

âï¸âï¸ Browse a faster, more private internet.
cloudflare-dns.com cloudflare-dns.com
 

Last edited:
It shows AS number is 0 when I set my DNS to 1.1.1.1 . Basically AS number (autonomous system number is assigned by APNIC for Asia) cannot be 0
 
OP is wrong - they're not hijacking at all. Cloudflare's 1.1.1.1 endpoints are everywhere, not just in Singapore. In this particular case with ACT's internal routing, it's reaching 1.1.1.1 located in Cloudflare's Hyderabad node.

You can verify if that's the case by looking at the link below:

You should see Cloudflare's response with appropriate 'colo' tag along with the datacenter location that's responsible for this. In my and your case, it would be colo=HYD just like yours, because ACT is routing most of Cloudflare to their Hyderabad location.
 
AgentX said:
OP is wrong - they're not hijacking at all. Cloudflare's 1.1.1.1 endpoints are everywhere, not just in Singapore. In this particular case with ACT's internal routing, it's reaching 1.1.1.1 located in Cloudflare's Hyderabad node.

You can verify if that's the case by looking at the link below:

You should see Cloudflare's response with appropriate 'colo' tag along with the datacenter location that's responsible for this. In my and your case, it would be colo=HYD just like yours, because ACT is routing most of Cloudflare to their Hyderabad location.
Click to expand...

DNS and http/s are run on different ports. It is possible to firewall only DNS and let http/s to pass through.
 
Here is my traceroute on BSNL FTTH (Pune), here also it is a local Indian location and does not go to Singapore, so I guess Cloudfare has started local DNS server using AnyCast:

Code: 
PS C:\WINDOWS\system32> tracert 1.1.1.1

Tracing route to one.one.one.one [1.1.1.1]
over a maximum of 30 hops:

  1    <1 ms    <1 ms    <1 ms  10.0.0.1
  2     1 ms     1 ms     1 ms  192.168.1.254
  3     2 ms     2 ms     1 ms  103.77.240.1
  4     2 ms     2 ms     2 ms  218.248.164.97
  5     3 ms     5 ms     2 ms  218.248.164.122
  6     *        *        5 ms  218.248.235.197
  7     5 ms     5 ms     *     218.248.235.198
  8     *        *        *     Request timed out.
  9    41 ms    40 ms    40 ms  125.17.39.241
 10    38 ms    38 ms    38 ms  182.79.141.44
 11    37 ms    37 ms    38 ms  182.79.223.58
 12    38 ms    35 ms    36 ms  one.one.one.one [1.1.1.1]

Trace complete.
 
Last three IPs in my traceroute before 1.1.1.1 belong to Airtel it seems.
 

Similar threads

D
[troubleshooting] wtf is this. can someone explain?
Replies
1
Views
1,818
Anil
S
ACT pathetic routing
Replies
2
Views
2,148
saiprasad76
jose
BSNL : Terrible routing to Singapore servers
Replies
14
Views
6,226
vedantlath
Top