←back to thread

1.1.1.1: Fast, privacy-first consumer DNS service

(blog.cloudflare.com)
1895 points _l4jh | 3 comments | 01 Apr 18 12:14 UTC | HN request time: 0.517s | source
1. DyslexicAtheist ◴[01 Apr 18 14:08 UTC] No.16728329[source]
so is a DHCP server address of 1.1.1.1 still perfectly valid for wireless local area networks?

see: http://www.revolutionwifi.net/revolutionwifi/2011/03/explain...

replies(2): >>16728354 #>>16728372 #
2. detaro ◴[01 Apr 18 14:12 UTC] No.16728354[source]
As that article mentions, it wasn't "perfectly valid" even back then, it just didn't hurt. If I understand the specific implementation mentioned there correctly, it'll still work if the interception is done right (only catching DHCP and redirecting it to where it should go, leaving everything else untouched)
3. ge0rg ◴[01 Apr 18 14:15 UTC] No.16728372[source]
It never was perfectly valid. That blog post is incorrect, and network engineers are perfectly fine arguing against that practice. The IP address 1.1.1.1 was reserved by APNIC and now belongs to the APNIC and Cloudflare research project.

Assigning an IP address you don't own on a local network usually means that you cut off access to the actual owner of that address. You might not (immediately) notice it because you don't need to access anything that's located there. But it will set you up for unpleasant surprises in the future when your users (or yourself) want to access a resource that happens to be located there.

RFC 1918 <https://tools.ietf.org/html/rfc1918> provides explicit IP ranges you should use for private resources (10.x.x.x, ~172.16.x.x, 192.168.x.x), which are not routed over the Internet and where your organization is responsible to avoid IP address conflicts.