[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [public-dns-discuss] Re: For domains hosted at Akamai CDN, Google DoH's ECS option not taking effects



Hi, Ben. Could you please give any further clue on this?
That will help a lot.

I entered two different ECS subnet IPs which are from UK and USA, but the results seem all to be IPs from Japan (I am sending these curls from China).

[gezhaozhi@gezhaozhideMacBook-Pro:/Users/gezhaozhi]

$curl 'https://dns.google.com/resolve?name=api.anote-app.com&type=A&edns_client_subnet=158.43.240.3'

{"Status": 0,"TC": false,"RD": true,"RA": true,"AD": false,"CD": false,"Question":[ {"name": "api.anote-app.com.","type": 1}],"Answer":[ {"name": "api.anote-app.com.","type": 5,"TTL": 168,"data":"api.anote-app.com.edgekey.net."},{"name": "api.anote-app.com.edgekey.net.","type": 5,"TTL": 1436,"data": "e25583.a.akamaiedge.net."},{"name": "e25583.a.akamaiedge.net.","type": 1,"TTL":19,"data": "23.54.124.8"},{"name": "e25583.a.akamaiedge.net.","type": 1,"TTL": 19,"data": "23.212.54.123"}],"Additional":[],"edns_client_subnet": "158.43.240.3/0","Comment": "Response from 88.221.81.192."}

[gezhaozhi@gezhaozhideMacBook-Pro:/Users/gezhaozhi]

$curl 'https://dns.google.com/resolve?name=api.anote-app.com&type=A&edns_client_subnet=204.117.214.10'

{"Status": 0,"TC": false,"RD": true,"RA": true,"AD": false,"CD": false,"Question":[ {"name": "api.anote-app.com.","type": 1}],"Answer":[ {"name": "api.anote-app.com.","type": 5,"TTL": 25,"data":"api.anote-app.com.edgekey.net."},{"name": "api.anote-app.com.edgekey.net.","type": 5,"TTL": 1525,"data": "e25583.a.akamaiedge.net."},{"name": "e25583.a.akamaiedge.net.","type": 1,"TTL":19,"data": "23.212.54.123"},{"name": "e25583.a.akamaiedge.net.","type": 1,"TTL": 19,"data": "23.54.124.8"}],"Additional":[],"edns_client_subnet": "204.117.214.10/0","Comment": "Response from 23.61.250.103."}


在 2018年11月9日星期五 UTC+8下午5:53:57,Ben Tasker写道:
There's an error in your command.

You need to quote the URL as it contains ampersands - anything following those will not be included in your request, so in this case the ECS information you've specified in the query string isn't sent.

{"Status": 0,"TC": false,"RD": true,"RA": true,"AD": false,"CD": false,"Question":[ {"name": "api.anote-app.com.","type": 1}],"Answer":[ {"name": "api.anote-app.com.","type": 5,"TTL": 299,"data": "api.anote-app.com.edgekey.net."},{"name": "api.anote-app.com.edgekey.net.","type": 5,"TTL": 1799,"data": "e25583.a.akamaiedge.net."},{"name": "e25583.a.akamaiedge.net.","type": 1,"TTL": 19,"data": "2.17.210.16"},{"name": "e25583.a.akamaiedge.net.","type": 1,"TTL": 19,"data": "2.17.210.48"}],"Additional":[],"edns_client_subnet": "204.117.214.10/0","Comment": "Response from 2.22.11.92."}


On Fri, Nov 9, 2018 at 9:18 AM, George Ge <gezh... AT gmail.com> wrote:

Jietu20181109-171822.png



On Friday, November 9, 2018 at 5:17:19 PM UTC+8, George Ge wrote:


Hi. I am curious why Google DoH's ECS option is not effecting the result.
I am aware that Akamai CDN does not accept ECS options, but Google DoH's recursive resolvers should be geo-distributed so that it is not a problem that Akamai not taking in ECS.
Between Google DoH's recursive resolver and authoritative name servers (Akamai CDN in this case), is Google DoH solely replying on ECS to carry the clientIP?
Thanks.

--
You received this message because you are subscribed to the Google Groups "public-dns-discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to public-dns-discuss+unsubscribe AT googlegroups.com.
To post to this group, send email to public-dn...@googlegroups.com.
Visit this group at https://groups.google.com/group/public-dns-discuss.
To view this discussion on the web visit https://groups.google.com/d/msgid/public-dns-discuss/88236da2-535f-4c27-bfed-fc987d3a402d%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.



--

--
You received this message because you are subscribed to the Google Groups "public-dns-discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to public-dns-discuss+unsubscribe AT googlegroups.com.
To post to this group, send email to public-dns-discuss AT googlegroups.com.
Visit this group at https://groups.google.com/group/public-dns-discuss.
To view this discussion on the web visit https://groups.google.com/d/msgid/public-dns-discuss/9217d324-d46d-4286-ba10-e21599282f64%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.