Recherchez dans la Communauté

Vous avez une question ?

Interrogez la communauté

internet & fixe ma connexion

Routage d'adresses publiques IPv4 erroné

VincentD2
contributeur
3 682  

Routage d'adresses publiques IPv4 erroné

Bonjour,

 

Suite à l'annonce de Cloudflare du lancement de leur serveur DNS, 1.1.1.1, j'ai essayé d'accéder à leur site web (https://1.1.1.1). Il semblerait que Orange ne suive pas les RFC, et route 1.1.1.1 de façon privée, alors que c'est une adresse publique. Il est possible que cela vienne du firewall de la Livebox ; c'est une configuration commune, même si elle est erronée.

 

Est-ce que Orange peut confirmer ce défaut de configuration, et si une solution sera apportée dans un futur proche ?

 

Merci d'avance.

Balises (4)
16 RÉPONSES 16
harmattan
star
star
3 672  

Re: Routage d'adresses publiques IPv4 erroné

Bonjour @VincentD2

 

Pas de problème pour moi avec le service DNS de opendns.

 

_______________________________Signature_____________________
La justice, c'est comme la Sainte Vierge, si elle n'apparaît pas de temps en temps, le doute s'installe. (Michel Audiard)

Le fait que la méduse ait survécu plus de 650 millions d'années, alors qu'elle n'a pas de cerveau, est-ce une bonne nouvelle pour les cons?
Alain042
contributeur occasionnel
3 658  

Re: Routage d'adresses publiques IPv4 erroné

PhilDur
#TopMembre
#TopMembre
3 654  

Re: Routage d'adresses publiques IPv4 erroné

Bonsoir VincentD2

 

Je ne comprends rien à ton jargon, sauf que tu affirmes que Orange ne sait pas router vers 1.1.1.1

 

Et ça :

Orange_016_01042018_203010.jpg

 

Est-ce que ça change ton point de vue ?

 

 

Cordialement

PhilDur

Faites confiance aux produits libres : Firefox, Thunderbird, LibreOffice, Irfanview, VLC, 7-zip, FileZilla
Votre machine vous en remerciera
PhilDur
#TopMembre
#TopMembre
3 647  

Re: Routage d'adresses publiques IPv4 erroné

Quel est l'intéret d'utiliser un DNS plus lent, si ce n'est de ralentir tous tes accès réseau ?

Orange_017_01042018_204010.jpg

 

Et voila la conclusion du scan

 


DNS Benchmark Conclusions & Recommendations

What the results you have just obtained mean to YOU

The results summary, conclusions, and recommendations from your most recent run of this DNS benchmark are provided below. Please carefully consider the implications of making any changes to your system's current configuration before doing so.


ý System has only ONE (router based) nameserver configured.
It appears that only one local (router gateway) DNS nameserver, with the IP address of [192.168.1.1], is currently providing all DNS name resolution services to this system. This configuration is not recommended because most consumer-grade routers provide inefficient and under-powered DNS resolution services.

Unless the DNS resolvers your router is using is under your control, it may not be providing the best or complete name resolution services. For example, is it using multiple redundant DNS nameservers?

Users of GRC's DNS Spoofability system have determined that consumer-grade routers can be crashed by the receipt of specific DNS reply packets from the Internet. This opens the possibility that Internet-based criminals could acquire access to your router from the Internet as well as to the private network in controls.

Many consumer-grade routers fail to provide the full range of DNS lookup services. This may have been detected by the benchmark and noted below.

Recommended Actions:

Unless you have some specific reason not to, you should give serious thought to disabling your router's provisioning of DNS services (which it is providing for all computers on your local network). After this is done, a fresh reboot of your computers will likely reveal the multiple DNS nameservers provided by your ISP. This is a superior configuration, without an under-powered router acting as a incompetent middleman and impeding all DNS access.

Note that if you can determine the IP addresses of your ISP-provided nameservers (which may be visible in your router's web configuration) you could manually add them to the nameservers being tested by this benchmark, while also leaving your router providing DNS. This would allow you to compare the performance when running through your router versus "going direct".


þ System's sole nameserver is alive and replying to queries.
Although this system has only one DNS resolving nameserver, at least it is alive and replying to DNS queries.  (If it were not, you would likely be painfully aware, since it would be difficult to accomplish anything requiring Internet access.)


þ System nameserver is faster than ALL public alternatives.
The DNS resolver your system is using is responding faster than any of the 100% reliable publicly available alternative DNS nameservers this benchmark utility just tested. Therefore, there would be no performance benefit from switching to any of those publicly available nameservers. However, since you only have a single system nameserver configured, it might be useful to use some of the fastest public nameservers as backups if that's possible in your situation. Please also note that this best performance appraisal assumes that this system's nameserver is 100% reliable. See the next item below for an appraisal of your nameserver's reliability.

Note: If there appeared to be one or more faster public alternative nameservers, there was enough uncertainty created by the spread of benchmark timing results that it was not possible to be at least 95% confident that any of those faster seeming nameservers really were reliably faster than the nameserver this system is currently using. So it made no sense to alarm you about the need to change things when there was insufficient evidence.


þ This system's nameserver is 100% reliable.
DNS reliability is extremely important, since lookup requests that are dropped and ignored by nameservers cause significant delays in Internet access while the querying system waits for a reply. The system is then finally forced to reissue the query to the same or to backup nameservers. While your system is patiently waiting for a reply, you are impatiently waiting to get on with your Internet access.

During this benchmark test, the system's nameserver tested returned a reply for every request sent. It doesn't get any better than that. Very nice.


þ This system nameserver returns errors.
This is a GOOD thing!  Some DNS providers, such as OpenDNS and even the Earthlink, Roadrunner and Comcast ISPs, redirect incorrectly entered URLs to their own advertising-laden marketing-driven interception page instead of simply returning an error to the web browser. But this system's nameserver is returning errors when asked to lookup non-existent domain names.


þ System nameserver is replying to all query types.
During the development of this DNS Benchmark we discovered that the routers used by some pre-release testers were not returning results for the benchmark's Uncached and/or Dotcom testing queries. Even though these queries are admittedly unusual, they are completely valid. So the only conclusion was that those few routers were inherently defective. The good news here is that your nameserver is replying to these unusual but valid queries.


____________________________________________________________________

REMEMBER TO CHECK SPOOFABILITY !!
Whether you make any changes to your nameservers or not, but
especially if you do, be sure to verify the security of your final DNS
resolver set by using GRC's free "DNS Spoofability" testing service!

 http://www.GRC.com/dns/dns.htm
_______________________________________________________________________________________________________________________


If you require assistance . . .

If you require assistance with the implementation any of the suggested changes to your system's DNS configuration, several sources of help are available:

For help with the operation and use of this DNS Benchmark program, please reference the extensive DNS Benchmark pages at the GRC website:

 http://www.GRC.com/dns/benchmark.htm

For help with any of the specific conclusions or recommendations above, please see the DNS Benchmark FAQ (Frequently Asked Questions) page:

 http://www.GRC.com/dns/benchmark-faq.htm

Knowledge of the DNS domain name system is widespread among those in public technical Internet forums. You will very likely be able to obtain answers to any specific questions you may have by asking knowledgeable inhabitants of online communities.

GRC maintains and operates a comprehensive online "newsgroup" community and has a specific newsgroup - grc.dns - dedicated to the discussion of DNS issues including this DNS benchmark program (where it was developed) and GRC's online DNS Spoofability testing service. Please see the following web page for help with joining and participating in GRC's terrific newsgroups:

 http://www.GRC.com/discussions.htm

GRC's technical support services are limited to the support of licensees of our commercial software products and do not extend to the support of our freely available software or online services. Please do not write to us (GRC / Gibson Research Corporation) for assistance in connection with this freeware utility.

You will find that ample help is freely available
within the Internet community.  Thank you!

- Steve Gibson

Please Note: This program is Copyright (c) 2010 by Gibson Research Corporation -- ALL RIGHTS RESERVED. This program is FREEWARE. Although it may not be altered in any way, it MAY BE FREELY COPIED AND DISTRIBUTED onto and through any and all computer media in ANY form or fashion. You are hereby granted the right to do so.
• • •

 

Cordialement

PhilDur

Faites confiance aux produits libres : Firefox, Thunderbird, LibreOffice, Irfanview, VLC, 7-zip, FileZilla
Votre machine vous en remerciera
Alain042
contributeur occasionnel
3 588  

Re: Routage d'adresses publiques IPv4 erroné

Bon visiblement vu certains articles, c'est n'est finalement peut-être pas un poisson d'avril...

Cependant ca ne fonctionne pas super en tout cas depuis le réseau Orange, mais il semble que c'est pareil avec pas mal d'ISP de part le monde...

 

pour le 1.1.1.1

Le ping ca répond bien

a.jpg

 

Par contre les résolutions DNS c'est pas ca

Nslookup

b.jpg

 

ou Dig

c.jpg

 

Il semble cependant que ca fonctionne sur leur ip secondaire, la 1.0.0.1 si je ne me trompe pas

d.jpg

 

 

Après, comme dit précédement, il existe déjà tout un tas de DNS qui fonctionnent bien

Quad9: 9.9.9.9  (ipv6: 2620:fe::fe )

Google: 8.8.8.8  et 8.8.4.4  (ipv6: 2001:4860:4860::8888  et  2001:4860:4860::8844 )

FDN: 80.67.169.12  et  80.67.169.40  (ipv6: 2001:910:800::12  et  2001:910:800::40 )

Freedns: 37.235.1.174 et 37.235.1.177

Opennicproject.org

 

Avec tout ca il y a déjà de quoi faire....

PhilDur
#TopMembre
#TopMembre
3 573  

Re: Routage d'adresses publiques IPv4 erroné

Dernier point

Plus un DNS est loin en nombre de routeurs traversés,

plus on se ralentit les accès internet

plus on agmente le risque de perdre sa connectivité.

 

Le meilleur DNS est souvent le plus "proche".

Cordialement

PhilDur

 

Faites confiance aux produits libres : Firefox, Thunderbird, LibreOffice, Irfanview, VLC, 7-zip, FileZilla
Votre machine vous en remerciera
FabienJ
ancien webconseiller
ancien webconseiller
3 442  

Re: Routage d'adresses publiques IPv4 erroné

Bonjour, 


Notre service expertise analyse la situation concernant le comportement de la Livebox. 

Nous reviendrons vers vous afin de vous communiquer plus d'informations à ce sujet. 


Bonne journée à vous.

Fabien

signature.jpg

guru
contributeur occasionnel
3 414  

Re: Routage d'adresses publiques IPv4 erroné

Le meilleur DNS n'est pas seulement le plus rapide, c'est également celui qui ne ment pas sur décision de justice, à cause d'une legislation qui ne respecte pas la neutralité du net.

 

Bref, derrière ma live play, impossible de ping 1.1.1.1

COCO1780
contributeur
3 386  

Re: Routage d'adresses publiques IPv4 erroné

Le meilleur DNS est peut-être aussi celui qui a le taux de panne le plus faible.
Ce qui est vraiment dommage c'est de ne pas pouvoir choisir dans les paramètres DHCP de la box quels serveurs on veut utiliser sur notre réseau local.

 

(Venant d'un autre opérateur ou l'on peut avoir une ip fixe, choisir ses DNS, créer des accès VPN ... c'est dur ne pas avoir beaucoup de choix dans la configuration de notre réseau local, mais c'est un autre sujet).

Vous avez une question ?

Interrogez la communauté

Déjà 752970 membres inscrits 🧡

2787 personnes actuellement en ligne

Tous les membres en ligne