[00:31] <Ubik> Omnifrog: Honestly, I think it probably was an actual accident. Traceroute to 1.1.1.1 from here only goes two hops.. hop #1 is my EdgeRouter ... hop #2 is it...
[00:31] <Ubik> I have a /29 from AT&T so I don't have to worry about their "blocking" of SIP, IPv6 tunnels etc.
[00:32] <Ubik> If you set up their gateway to use DMZ+ mode to your router, and put that behind there, SIP doesn't work right, tunneling doesn't either. Basically their gateway is intercepting that traffic for its own use (their U-verse phone is SIP, and the IPv6 their gateway hands out is 6rd in a lot of cases.) They just recently (past few weeks) switched me to have native IPv6. Which I am now using on my LAN,
[00:32] <Ubik> server VLAN is still on the HE tunnel (via some creative routing on the EdgeRouter)
[00:33] <Ubik> Problem is, they've bound 1.1.1.1 to their U-verse gateways and use it for various purposes (if your bill is past due/you're cut off, there's a connectivity issue, etc. you get redirected to 1.1.1.1 in a lot of cases.) Why they did that, versus RFC1918 space, is beyond me. But it worked fine for them until it didn't (Cloudflare.)
[00:34] <Ubik> So it's not so much as they're *blocking* 1.1.1.1 for DNS ... it's more or less they misappropriated 1.1.1.1 for their own use, and got away with it until it was assigned to a legitimate user. And now it's become an issue.
[00:35] <Unit193> Wow....That's pretty lame on their behalf.
[00:37] <Ubik> Yeah, I agree. If they'd have, perhaps, followed standards, used something in RFC1918 ... we wouldn't have this problem today.
[00:38] <Ubik> Once upon a time (and thankfully, it was fixed way before I ever had to have their service), their modem would only allow one IP per MAC address.
[00:38] <Ubik> Worked fine until we hooked up a cPanel box (don't ask) behind it with four IPs. None of the secondary IPs worked, and if you SSH'd in and tried to ping something using one of those secondary addresses as the source, it'd work...said secondary then worked, and your SSH died because the primary IP stopped.
[00:39] <Ubik> Support's answer was essentially to connect up a bunch of USB hubs to the server and hook up a separate USB NIC for each IP we needed to use... (of course they didn't mention the policy routing we would also need at that point.)
[00:40] <Ubik> We finally got Charter to install service there without charging us a huge fee, hooked the same server up to their modem and bound multiple IPs without a problem.