Sponsored

Cloudflare 1.1.1.1 blocked on Three

Lucian

ULTIMATE Member
Block confirmed. Works fine on EE btw.

For those interested, using the DNS server @ 1.1.1.1 works just fine.
 

clivejo

Top Member
For those interested, using the DNS server @ 1.1.1.1 works just fine.
Seems to be intermittent, I was investigating why my router is throwing weird DNS errors. Some traffic is being blocked to 1.1.1.1 while others aren't!!

http or Port 80 is being blocked, but SSL Port 443 is being blocked intermittently! Some connections are allowed, while some are being blocked.

My Mikrotik router is randomly reporting - DoH server connection error: Network is unreachable
 

clivejo

Top Member
You could just run Pi-hole and Unbound, hosting your own local recursive DNS server on a raspberry pi or something.

My MikroTik router does have it's own DNS server and cache, but makes new requests from Cloudflare 1.1.1.1 via DoH. Three's own DNS are so slow, and I read that Cloudflare host the "fastest" replies. It seems to be falling back on 1.0.0.1 which is why I didn't notice any issues with DNS lookup's but lots of blocked access to 1.1.1.1 in the logs.
 

clivejo

Top Member
Again another case of Three intercepting and interfering with traffic over their network!

Code:
$ telnet 1.1.1.1 80
Trying 1.1.1.1...
Connected to 1.1.1.1.
Escape character is '^]'.
GET / HTTP/1.1
Host:1.1.1.1

HTTP/1.1 307 Temporary Redirect
Content-Type: text/html
Location: http://www.three.co.uk/static/html/iwf/block.html
Content-Length: 152

<html>
<head><title>307 Temporary Redirect</title></head>
<body bgcolor="white">
<center><h1>307 Temporary Redirect</h1></center>
</body>
</html>
Connection closed by foreign host.

Over a VPN, it basically redirects you to https

Code:
$ telnet 1.1.1.1 80
Trying 1.1.1.1...
Connected to 1.1.1.1.
Escape character is '^]'.
GET / HTTP/1.1
Host:1.1.1.1

]HTTP/1.1 301 Moved Permanently
Server: cloudflare
Date: Tue, 17 May 2022 16:46:19 GMT
Content-Type: text/html
Content-Length: 167
Connection: keep-alive
Location: https://1.1.1.1/
CF-RAY: 70cdd3f24fb40c25-AMS

<html>
<head><title>301 Moved Permanently</title></head>
<body>
<center><h1>301 Moved Permanently</h1></center>
<hr><center>cloudflare</center>
</body>
</html>
 

meritez

ULTIMATE Member
My MikroTik router does have it's own DNS server and cache, but makes new requests from Cloudflare 1.1.1.1 via DoH. Three's own DNS are so slow, and I read that Cloudflare host the "fastest" replies. It seems to be falling back on 1.0.0.1 which is why I didn't notice any issues with DNS lookup's but lots of blocked access to 1.1.1.1 in the logs.
Yes but your Mikrotik doesn't ask the root servers, it relies on another DNS provider for the answer.


Unbound has replaced Bind as the preferred DNS solution. Imagine instead of having to speak another DNS server, you have your own DNS that only speaks to the authority domain host for the answer.

You're removing the middle man, removing man in the middle attacks.

Attached is what my pinhole running unbound on port 5335 looks like, it would be great to run this as a container on my Mikrotik, but until then, this is the easiest solution I have.
 

Attachments

  • Screenshot_20220517-190145.png
    Screenshot_20220517-190145.png
    173.8 KB · Views: 29

clivejo

Top Member
It still does not address the key issue here, Three are actively intercepting and interfering with my traffic!!! Cloudflare and 1.1.1.1 are trusted globally, so why are Three interfering with my traffic replacing the actual reply with a page accusing me of committing a crime!!
 

CarlO1460

ULTIMATE Member
Didn’t you just move to smarty?

Edit: you moved a number to smarty you wanted to keep, knowing how terrible the network is(in your opinion)

 

clivejo

Top Member
Didn’t you just move to smarty?

Edit: you moved a number to smarty you wanted to keep, knowing how terrible the network is(in your opinion)

I am with Three because of their Band 20 and it's ability to reach into rural areas. My "internet" is on a 24 month contract with Three and I have invested heavily in a directional antenna/modem/router, Uninterruptible Power Supply(UPS) along with long runs of expensive outdoor cabling! When I first signed up I was getting at least 20Mbps downloads, max was 47Mbps, which I was very happy about. However since the 19th January 2022 the speed dropped like a stone and I only get between about 2-6Mbps, with 30Mbps uploads!

Smarty is rolling month by month. There are no alternatives for me due to location. I have been testing other SIM's but they are even worse than Three (speed and signal wise)

I am on Smarty for about 10 months now! Plus Three own Smarty. Three have only started this non-sense blocking stuff recently, from end Feb for RT and this past couple of weeks for blocking access to 1.1.1.1
 

JaffaMeme

Casual Member
It seems to be fixed now. Somehow 1.1.1.1 got on the IWF URL blocklist and three were first to update the list resulting in them partially blocking HTTP access to 1.1.1.1
 

clivejo

Top Member
Unfortunately, can't confirm that as my log still has intermittent "DoH server connection error". But I've been having connection issues, so probably down to that to be honest.

When did you notice the "fix"?
 

Bubblesthefish6

ULTIMATE Member
It seems to be fixed now. Somehow 1.1.1.1 got on the IWF URL blocklist and three were first to update the list resulting in them partially blocking HTTP access to 1.1.1.1
yeah, it only happened for a little while for me, and 7pm time last night the service was largely online again
 

Norfolk&Signal

Casual Member
I am with Three because of their Band 20 and it's ability to reach into rural areas. My "internet" is on a 24 month contract with Three and I have invested heavily in a directional antenna/modem/router, Uninterruptible Power Supply(UPS) along with long runs of expensive outdoor cabling! When I first signed up I was getting at least 20Mbps downloads, max was 47Mbps, which I was very happy about. However since the 19th January 2022 the speed dropped like a stone and I only get between about 2-6Mbps, with 30Mbps uploads!

Smarty is rolling month by month. There are no alternatives for me due to location. I have been testing other SIM's but they are even worse than Three (speed and signal wise)

I am on Smarty for about 10 months now! Plus Three own Smarty. Three have only started this non-sense blocking stuff recently, from end Feb for RT and this past couple of weeks for blocking access to 1.1.1.1
When a mobile internet connection shows faster upload figures than download figures this is usually an indication of mast congestion - too many other local users sharing the same cell mast at the same time.
 

clivejo

Top Member
When a mobile internet connection shows faster upload figures than download figures this is usually an indication of mast congestion - too many other local users sharing the same cell mast at the same time.
I know this, most normal people can understand this (if I can visually "see" an object, then it can equally "see" me back!) but Three Technical Support will blame everything under the sun but the problem that is staring them in the face.

I have sent my signal figures to them and explained the dish is fixed, pointing directly at the mast and mounted on a mast (ie nothing has changed on my end) The signal RSSI is constant @ -62dB, but the noise is sky high (RSRQ is currently -19.5dB with CQI of 3) on LTE Band 3

Given that I only tend to run Speedtests when I think my connection is "slow" or doing "tests" (ie VPN speeds, tunnels etc), the following is a historical chart of my speeds on Three.

Screenshot 2022-05-20 at 00-12-05 Results Speedtest by Ookla.png


The drop to sub 10 speeds happened between the 19th and 21st of January 2022 and hasn't recovered since. I am pretty convinced Three did something around that time, but after 5 months of beating my head off the brick wall that is Three's Technical support and CEO Complaints Team, I'm going nowhere fast!

I have been through 3 CEO contacts so far. One of them apparently left and didn't even have the manners to tell me, I found out via automated reply! My current CEO contact was away on leave for a few days and promised to reply to me today when returning to office, surprise surprise no email. I have lost count of the number of broken promises, the lies and the contradictory information they given.

When it works, it's brilliant. When it doesn't, it's an absolute nightmare.
 
Last edited:
Top
Promotion
Cheapest Superfast ISPs
  • Hyperoptic £17.99
    Speed 33Mbps, Unlimited
    Gift: None
  • Shell Energy £19.99
    Speed 35Mbps, Unlimited
    Gift: None
  • NOW £20.00
    Speed 36Mbps, Unlimited
    Gift: None
  • Virgin Media £20.00
    Speed 54Mbps, Unlimited
    Gift: None
  • Vodafone £22.00
    Speed 38Mbps, Unlimited
    Gift: None
Large Availability | View All
Cheapest Ultrafast ISPs
  • Gigaclear £17.00
    Speed: 200Mbps, Unlimited
    Gift: None
  • Community Fibre £20.00
    Speed: 150Mbps, Unlimited
    Gift: None
  • Hyperoptic £22.00
    Speed: 158Mbps, Unlimited
    Gift: None
  • Virgin Media £24.00
    Speed: 108Mbps, Unlimited
    Gift: None
  • Vodafone £25.00
    Speed: 100Mbps, Unlimited
    Gift: None
Large Availability | View All
Helpful ISP Guides and Tips
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
Promotion
The Top 20 Category Tags
  1. FTTP (4110)
  2. BT (3149)
  3. Politics (2115)
  4. Building Digital UK (2024)
  5. Openreach (1968)
  6. FTTC (1922)
  7. Business (1831)
  8. Mobile Broadband (1605)
  9. Statistics (1509)
  10. 4G (1378)
  11. FTTH (1371)
  12. Virgin Media (1277)
  13. Ofcom Regulation (1241)
  14. Wireless Internet (1233)
  15. Fibre Optic (1232)
  16. Vodafone (926)
  17. EE (905)
  18. 5G (898)
  19. TalkTalk (821)
  20. Sky Broadband (787)
Sponsored

Copyright © 1999 to Present - ISPreview.co.uk - All Rights Reserved - Terms  ,  Privacy and Cookie Policy  ,  Links  ,  Website Rules