[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [public-dns-discuss] Re: For domains hosted at Akamai CDN, Google DoH's ECS option not taking effects



Akamai will only honor ECS from sources that they have legal agreements with, they will ignore any ECS that you provide in your own dig queries, but they do not ignore ECS from parties with whom they have legal agreements about ECS.

https://tools.ietf.org/html/rfc7871#section-7.3.2 and particularly https://tools.ietf.org/html/rfc7871#section-7.5 have some relevant commentary here, as highlighted in my previous response to George in a different thread: https://groups.google.com/d/msg/public-dns-discuss/JpK7GblfDTA/1vNdjHMQCgAJ.

At the end of the day, diagnostic ECS queries for Akamai hosted domains will not generate the responses you are looking for, regardless of how you send them. If you really need to see that it is working "correctly" you would be best served by making queries without ECS from remote probes such as are operated by RIPE Atlas and others. You can route those queries through public resolvers and see the results you will actually get from those locations.




--
You received this message because you are subscribed to the Google Groups "public-dns-discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to public-dns-discuss+unsubscribe AT googlegroups.com.
To post to this group, send email to public-dns-discuss AT googlegroups.com.
Visit this group at https://groups.google.com/group/public-dns-discuss.
To view this discussion on the web visit https://groups.google.com/d/msgid/public-dns-discuss/3753bf85-3e87-4e7a-9894-55d9e997d0e1%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.