In the world of the Internet, it’s vitally important that technologies keep evolving. Change is a rule of all technology, even if it comes slowly to fundamental systems like DNS (Domain Name Service).
The company Cloudflare is an infrastructure provider for web applications and networks that has solutions for performance, security, and reliability - including DNS. In April of 2018, Cloudflare launched a new publicly facing DNS resolver at 188.8.131.52, and 184.108.40.206.
You can read about their motivations for doing so here.
Cloudflare is advertising 220.127.116.11 as a go-to DNS server for the public to use, specifically targeting end-users. This means that personal computers, gaming and video consoles, and other end devices could be set to use it as the default DNS server (in addition to gateways themselves). This has implications for gateways that provide routing and/or DNS proxy functionality, in part because these IP addresses were assumed to never be used, even if they are valid public IPv4 addresses.
18.104.22.168 and 22.214.171.124 were previously owned by APNIC and not used externally. Use of both the 126.96.36.199/24 and 188.8.131.52/24 networks has uncovered issues with network devices and services where vendors may have wrongly assumed these networks would never be used globally. For example:
If you are a CDRouter customer, you already have the tests available to make sure your devices support the use of the 184.108.40.206/24 and 220.127.116.11/24 networks. CDRouter’s closed loop test model allows the end user to create a network topology that matches any production network. To verify there are no likely issues with Cloudflare’s new DNS service, CDRouter can be configured to use 18.104.22.168 and 22.214.171.124 as its DNS services. This allows you to test DNS functionality across various WAN modes to make sure all your target CPE configurations will support Cloudflare.
You can verify that LAN clients can send and receive DNS messages to 126.96.36.199/8 using test cases cdrouter_app_21 and cdrouter_app_22 from the apps.tcl test module. These test cases send DNS queries directly to the primary and back DNS servers.
You can also verify the DNS proxy behavior of your CPE devices by running tests from the dns.tcl and dns-tcp.tcl modules. These module offer a comprehensive set of tests to verify DNS proxy behavior of a home or business CPE for both UDP and TCP.
You can create a CDRouter configuration to match Cloudflare’s DNS network by setting the WAN side DNS entries to 188.8.131.52 and 184.108.40.206 respectively. This is done by editing new or existing CDRouter configuration files and setting the DNS services under the WAN interface configuration section:
testvar wanDnsServer 220.127.116.11 testvar wanBackupDnsServer 18.104.22.168
All of these new ways of doing things will have implications for your network and for the devices you build or deploy. CDRouter will continue to explore them for future test cases.