Discussions

I am writing to report an ongoing issue I am experiencing with Control-D DNS services while using Distributel, my residential Internet Service Provider (ISP) in Toronto, Canada. ASN: AS11814.

For the past few days, I have noticed that Control-D's DNS services are possibly intermittently blocked by my ISP. Initially, everything worked seamlessly for several hours, but after some hours, any port53/DoT/DoH/QUIC DNS requests fail entirely, rendering websites inaccessible. Interestingly, direct TCP/UDP connections to IP addresses remain functional, indicating that the issue is isolated to DNS resolution.

Technical Details:

• Location: Toronto, Canada
• Residential ISP: Distributel AS11814
• Router: TP-Link Deco Provided by Distributel (supports only legacy DNS, no encrypted DNS)
• Affected Services: Control-D DNS servers (Legacy IPv4)

Ping Test Results:

All tests were conducted within the same 10-minute window when the issue was occurring.

1. Cloudflare DNS (1.1.1.1)

   Pinging 1.1.1.1 with 32 bytes of data:
   Reply from 1.1.1.1: bytes=32 time=9ms TTL=58
   Reply from 1.1.1.1: bytes=32 time=12ms TTL=58
   Reply from 1.1.1.1: bytes=32 time=10ms TTL=58
   
   Ping statistics for 1.1.1.1:
       Packets: Sent = 3, Received = 3, Lost = 0 (0% loss),
   Approximate round trip times in milli-seconds:
       Minimum = 9ms, Maximum = 12ms, Average = 10ms
   

2. Google DNS (8.8.8.8)

   Pinging 8.8.8.8 with 32 bytes of data:
   Reply from 8.8.8.8: bytes=32 time=11ms TTL=116
   Reply from 8.8.8.8: bytes=32 time=10ms TTL=116
   
   Ping statistics for 8.8.8.8:
       Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
   Approximate round trip times in milli-seconds:
       Minimum = 10ms, Maximum = 11ms, Average = 10ms
   

3. Control-D Free DNS (76.76.2.2)

   Pinging 76.76.2.2 with 32 bytes of data:
   Request timed out.
   Request timed out.
   Request timed out.
   Request timed out.
   
   Ping statistics for 76.76.2.2:
       Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
   

4. Control-D Paid DNS (76.76.2.22)

   Pinging 76.76.2.22 with 32 bytes of data:
   Request timed out.
   Request timed out.
   Request timed out.
   Request timed out.
   
   Ping statistics for 76.76.2.22:
       Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
   

5. AdGuard DNS (94.140.14.14 & 94.140.15.15)

   Pinging 94.140.14.14 with 32 bytes of data:
   Request timed out.
   
   Pinging 94.140.15.15 with 32 bytes of data:
   Request timed out.
   Request timed out.
   Request timed out.
   Request timed out.
   
   Ping statistics for 94.140.15.15:
       Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
   

6. Quad9 DNS (9.9.9.9)

   Pinging 9.9.9.9 with 32 bytes of data:
   Reply from 9.9.9.9: bytes=32 time=17ms TTL=58
   Reply from 9.9.9.9: bytes=32 time=78ms TTL=58
   Reply from 9.9.9.9: bytes=32 time=23ms TTL=58
   Reply from 9.9.9.9: bytes=32 time=18ms TTL=58
   
   Ping statistics for 9.9.9.9:
       Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
   Approximate round trip times in milli-seconds:
       Minimum = 17ms, Maximum = 78ms, Average = 34ms
   

7. Mullvad DNS (194.242.2.3)

   Pinging 194.242.2.3 with 32 bytes of data:
   Request timed out.
   Request timed out.
   Request timed out.
   Request timed out.
   
   Ping statistics for 194.242.2.3:
       Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
   

8. OpenDNS (208.67.222.222)

   Pinging 208.67.222.222 with 32 bytes of data:
   Request timed out.
   Request timed out.
   Request timed out.
   Request timed out.
   
   Ping statistics for 208.67.222.222:
       Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
   

Observations:

• Affected DNS Services: Control-D Free and Paid, AdGuard DNS, Mullvad DNS, OpenDNS, and CIRA DNS are experiencing 100% packet loss.
• Unaffected DNS Services: Cloudflare, Google, and Quad9 DNS services are operating normally without any packet loss.
• Temporary Resolution: Rebooting the router (thereby obtaining a new IP address from the ISP) temporarily resolves the issue, allowing Control-D DNS services to function again. However, the problem recurs the following day.

My Questions:

1. Have other Canadian users reported similar DNS blocking issues with Distributel or other ISPs?
2. As Control-D is a Canadian company, are you aware of any industry practices or agreements that might explain why Distributel (or other ISPs in Canada) is selectively blocking certain DNS services? Is this behavior usual or in violation of any regulations or standards?
3. It appears that the ISP is targeting ad-filtering DNS services or smaller DNS providers while allowing larger, non-filtering DNS services like 1.1.1.1, 8.8.8.8, and 9.9.9.9. Do you have insights into why this selective blocking or malfunctioning (if not intentional) is occurring?
4. Recommendations: What solutions or workarounds do you recommend for users facing similar DNS blocking issues, especially for devices like gaming consoles or IoT devices that cannot utilize client-side DoH/DoT configurations?

Thank you.