←back to thread

1.1.1.1: Fast, privacy-first consumer DNS service

(blog.cloudflare.com)
1895 points _l4jh | 6 comments | 01 Apr 18 12:14 UTC | HN request time: 0s | source | bottom
1. pmoriarty ◴[01 Apr 18 21:51 UTC] No.16730670[source]
"Visit https://1.1.1.1/ from any device to get started with the Internet's fastest, privacy-first DNS service."

When I try, my browser tells me:

  Bad cert ident from 1.1.1.1: dNSName=*.cloudflare-dns.com cloudf: accept? (y or n)
replies(2): >>16730758 #>>16731684 #
2. cwp ◴[01 Apr 18 22:03 UTC] No.16730758[source]
I get ERR_CONNECTION_REFUSED
replies(1): >>16731693 #
3. prdonahue ◴[02 Apr 18 01:50 UTC] No.16731684[source]
What browser are you using? Almost looks like it doesn't support SANs. Either that or the debug is only printing DNS.1.

  $ openssl s_client -connect 1.1.1.1:443 </dev/null 2>&1 | openssl x509 -noout -text | grep "CN=\|DNS"
          Issuer: C=US, O=DigiCert Inc, CN=DigiCert ECC Secure Server CA
          Subject: C=US, ST=CA, L=San Francisco, O=Cloudflare, Inc., CN=*.cloudflare-dns.com
                  DNS:*.cloudflare-dns.com, IP Address:1.1.1.1, IP Address:1.0.0.1, DNS:cloudflare-dns.com, IP Address:2606:4700:4700:0:0:0:0:1111, IP Address:2606:4700:4700:0:0:0:0:1001
4. prdonahue ◴[02 Apr 18 01:51 UTC] No.16731693[source]
Likely that IP address is being used (inadvisably) by something on your network.
replies(1): >>16732073 #
5. cwp ◴[02 Apr 18 03:26 UTC] No.16732073{3}[source]
Looks that way. 1.0.0.1 works fine though.
replies(1): >>16732082 #
6. cwp ◴[02 Apr 18 03:28 UTC] No.16732082{4}[source]
And now, so does 1.1.1.1. I suspect it was something sonic.net was doing, and they had to fix it when this announcement was made.