In the world of the Internet, it’s vitally important that technologies keep evolving. Change is a rule of all technology, even if it comes slowly to fundamental systems like DNS (Domain Name Service).
The company Cloudflare is an infrastructure provider for web applications and networks that has solutions for performance, security, and reliability - including DNS. In April of 2018, Cloudflare launched a new publicly facing DNS resolver at 220.127.116.11, and 18.104.22.168.
You can read about their motivations for doing so here.
Cloudflare is advertising 22.214.171.124 as a go-to DNS server for the public to use, specifically targeting end-users. This means that personal computers, gaming and video consoles, and other end devices could be set to use it as the default DNS server (in addition to gateways themselves). This has implications for gateways that provide routing and/or DNS proxy functionality, in part because these IP addresses were assumed to never be used, even if they are valid public IPv4 addresses.
126.96.36.199 and 188.8.131.52 were previously owned by APNIC and not used externally. Use of both the 184.108.40.206/24 and 220.127.116.11/24 networks has uncovered issues with network devices and services where vendors may have wrongly assumed these networks would never be used globally. For example:
If you are a CDRouter customer, you already have the tests available to make sure your devices support the use of the 18.104.22.168/24 and 22.214.171.124/24 networks. CDRouter’s closed loop test model allows the end user to create a network topology that matches any production network. To verify there are no likely issues with Cloudflare’s new DNS service, CDRouter can be configured to use 126.96.36.199 and 188.8.131.52 as its DNS services. This allows you to test DNS functionality across various WAN modes to make sure all your target CPE configurations will support Cloudflare.
You can verify that LAN clients can send and receive DNS messages to 184.108.40.206/8 using test cases cdrouter_app_21 and cdrouter_app_22 from the apps.tcl test module. These test cases send DNS queries directly to the primary and back DNS servers.
You can also verify the DNS proxy behavior of your CPE devices by running tests from the dns.tcl and dns-tcp.tcl modules. These module offer a comprehensive set of tests to verify DNS proxy behavior of a home or business CPE for both UDP and TCP.
You can create a CDRouter configuration to match Cloudflare’s DNS network by setting the WAN side DNS entries to 220.127.116.11 and 18.104.22.168 respectively. This is done by editing new or existing CDRouter configuration files and setting the DNS services under the WAN interface configuration section:
testvar wanDnsServer 22.214.171.124 testvar wanBackupDnsServer 126.96.36.199
All of these new ways of doing things will have implications for your network and for the devices you build or deploy. CDRouter will continue to explore them for future test cases.