
Anonymous ECS is sending wrong ISP from ISP Viettel

Recently, while checking an anonymous ECS record, I found out that the ECS IP address sent is from ISP Akamai and not from ISP Viettel.

; <<>> DiG 9.16.28 <<>> vi.wikipedia.org CHAOS
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31497
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 7
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;vi.wikipedia.org.              CH      A
;; ANSWER SECTION:
vi.wikipedia.org.       85983   IN      CNAME   dyna.wikimedia.org.
dyna.wikimedia.org.     183     IN      A       103.102.166.224
;; ADDITIONAL SECTION:
proto.nextdns.io.       0       CH      TXT     "DOH"
client.nextdns.io.      0       CH      TXT     "115.73.146.xxx"
server.nextdns.io.      0       CH      TXT     "vultr-sin-1"
profile.nextdns.io.     0       CH      TXT     "fp8c8cdc8407f6c54a"
client-name.nextdns.io. 0       CH      TXT     "nextdns-cli"
smart-ecs.nextdns.io.   0       CH      TXT     "23.40.76.0/24"
;; Query time: 45 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue Feb 21 11:54:20 SE Asia Standard Time 2023
;; MSG SIZE  rcvd: 298

I continued the test with ISP VNPT, and there the ECS IP sent is correctly from ISP VNPT.

; <<>> DiG 9.16.24 <<>> vi.wikipedia.org CHAOS
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22694
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 7
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;vi.wikipedia.org.              CH      A
;; ANSWER SECTION:
vi.wikipedia.org.       2400    IN      CNAME   dyna.wikimedia.org.
dyna.wikimedia.org.     2400    IN      A       103.102.166.224
;; ADDITIONAL SECTION:
profile.nextdns.io.     2400    CH      TXT     "fp6402603a1e89ab0b"
client.nextdns.io.      2400    CH      TXT     "123.19.xxx.xxx"
proto.nextdns.io.       2400    CH      TXT     "DOH"
server.nextdns.io.      2400    CH      TXT     "anexia-han-1"
client-name.nextdns.io. 2400    CH      TXT     "dnscrypt"
smart-ecs.nextdns.io.   2400    CH      TXT     "14.160.0.0/24"
;; Query time: 527 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue Feb 21 10:07:53 SE Asia Standard Time 2023
;; MSG SIZE  rcvd: 294

I checked the results on MaxMind.

A friend suggested the ECS IP range 125.234.51.0/24 for ISP Viettel. I tested it with Google DNS, and the results returned Akamai CDN IP addresses at ISP Viettel.

; <<>> DiG 9.16.28 <<>> cf.shopee.vn +subnet=125.234.51.0/24
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 335
;; flags: qr rd ra; QUERY: 1, ANSWER: 10, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
; CLIENT-SUBNET: 125.234.51.0/24/0
;; QUESTION SECTION:
;cf.shopee.vn.                  IN      A
;; ANSWER SECTION:
cf.shopee.vn.           3       IN      CNAME   cf.shopee.vn.akamaized.net.
cf.shopee.vn.akamaized.net. 561 IN      CNAME   a1958.w16.akamai.net.
a1958.w16.akamai.net.   20      IN      A       125.234.51.42
a1958.w16.akamai.net.   20      IN      A       125.234.51.106
a1958.w16.akamai.net.   20      IN      A       125.234.51.43
a1958.w16.akamai.net.   20      IN      A       125.234.51.105
a1958.w16.akamai.net.   20      IN      A       125.234.51.41
a1958.w16.akamai.net.   20      IN      A       125.234.51.99
a1958.w16.akamai.net.   20      IN      A       125.234.51.114
a1958.w16.akamai.net.   20      IN      A       125.234.51.96
;; Query time: 39 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Tue Feb 21 12:20:34 SE Asia Standard Time 2023
;; MSG SIZE  rcvd: 251
; <<>> DiG 9.16.28 <<>> www.tiktok.com +subnet=125.234.51.0/24
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38698
;; flags: qr rd ra; QUERY: 1, ANSWER: 11, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
; CLIENT-SUBNET: 125.234.51.0/24/0
;; QUESTION SECTION:
;www.tiktok.com.                        IN      A
;; ANSWER SECTION:
www.tiktok.com.         1800    IN      CNAME   www.tiktok.com.edgesuite.net.
www.tiktok.com.edgesuite.net. 13589 IN  CNAME   a2047.r.akamai.net.
a2047.r.akamai.net.     20      IN      A       27.71.113.82
a2047.r.akamai.net.     20      IN      A       27.71.113.80
a2047.r.akamai.net.     20      IN      A       27.71.113.72
a2047.r.akamai.net.     20      IN      A       27.71.113.74
a2047.r.akamai.net.     20      IN      A       27.71.113.73
a2047.r.akamai.net.     20      IN      A       27.71.113.83
a2047.r.akamai.net.     20      IN      A       27.71.113.67
a2047.r.akamai.net.     20      IN      A       27.71.113.81
a2047.r.akamai.net.     20      IN      A       27.71.113.75
;; Query time: 101 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Tue Feb 21 12:21:16 SE Asia Standard Time 2023
;; MSG SIZE  rcvd: 269

When I use NextDNS, the IP address is not in ISP Viettel (or on a server in Vietnam).

; <<>> DiG 9.16.28 <<>> cf.shopee.vn CHAOS
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4608
;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 7
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;cf.shopee.vn.                  CH      A
;; ANSWER SECTION:
cf.shopee.vn.           58      IN      CNAME   cf.shopee.vn.akamaized.net.
cf.shopee.vn.akamaized.net. 598 IN      CNAME   a1958.w16.akamai.net.
a1958.w16.akamai.net.   18      IN      A       104.88.70.82
a1958.w16.akamai.net.   18      IN      A       104.88.70.90
a1958.w16.akamai.net.   18      IN      A       104.88.70.64
;; ADDITIONAL SECTION:
server.nextdns.io.      0       CH      TXT     "vultr-sin-1"
proto.nextdns.io.       0       CH      TXT     "DOH"
profile.nextdns.io.     0       CH      TXT     "fp8c8cdc8407f6c54a"
client.nextdns.io.      0       CH      TXT     "115.73.146.159"
client-name.nextdns.io. 0       CH      TXT     "nextdns-cli"
smart-ecs.nextdns.io.   0       CH      TXT     "23.40.76.0/24"
;; Query time: 55 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue Feb 21 12:28:40 SE Asia Standard Time 2023
;; MSG SIZE  rcvd: 368
; <<>> DiG 9.16.28 <<>> www.tiktok.com CHAOS
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25934
;; flags: qr rd ra; QUERY: 1, ANSWER: 11, AUTHORITY: 0, ADDITIONAL: 7
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;www.tiktok.com.                        CH      A
;; ANSWER SECTION:
www.tiktok.com.         819     IN      CNAME   www.tiktok.com.edgesuite.net.
www.tiktok.com.edgesuite.net. 19751 IN  CNAME   a2047.r.akamai.net.
a2047.r.akamai.net.     20      IN      A       23.220.203.19
a2047.r.akamai.net.     20      IN      A       23.220.203.27
a2047.r.akamai.net.     20      IN      A       23.220.203.11
a2047.r.akamai.net.     20      IN      A       23.220.203.26
a2047.r.akamai.net.     20      IN      A       23.220.203.10
a2047.r.akamai.net.     20      IN      A       23.220.203.17
a2047.r.akamai.net.     20      IN      A       23.220.203.18
a2047.r.akamai.net.     20      IN      A       23.220.203.32
a2047.r.akamai.net.     20      IN      A       23.220.203.16
;; ADDITIONAL SECTION:
server.nextdns.io.      0       CH      TXT     "vultr-sin-1"
profile.nextdns.io.     0       CH      TXT     "fp8c8cdc8407f6c54a"
client.nextdns.io.      0       CH      TXT     "115.73.146.159"
client-name.nextdns.io. 0       CH      TXT     "nextdns-cli"
proto.nextdns.io.       0       CH      TXT     "DOH"
smart-ecs.nextdns.io.   0       CH      TXT     "23.40.76.0/24"
;; Query time: 360 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue Feb 21 12:29:08 SE Asia Standard Time 2023
;; MSG SIZE  rcvd: 466

Please check and update the correct anonymous ECS sending IP address with ISP Viettel. Thank you!
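The comparison made by hand in the post above can be scripted. This is an added example, not part of the original post and not NextDNS code: it parses the `smart-ecs`/`server` TXT records and the A records out of dig output and reports whether they fall inside a caller-supplied list of ISP prefixes. The names `check` and `ISP_PREFIXES` are hypothetical, and the only prefix used is the /24 quoted in the post.

```python
import ipaddress
import re

# Excerpt of the NextDNS CHAOS-class dig output shown in the post above.
SAMPLE = """\
a1958.w16.akamai.net.   18      IN      A       104.88.70.82
a1958.w16.akamai.net.   18      IN      A       104.88.70.90
server.nextdns.io.      0       CH      TXT     "vultr-sin-1"
client.nextdns.io.      0       CH      TXT     "115.73.146.159"
smart-ecs.nextdns.io.   0       CH      TXT     "23.40.76.0/24"
"""
# Assumption: the caller supplies the ISP's prefixes. Only the /24 quoted in
# the post is used here; a real list would come from the ISP's published ranges.
ISP_PREFIXES = ["125.234.51.0/24"]

TXT_RE = re.compile(
    r'^[ \t]*(\S+)\.nextdns\.io\.[ \t]+\d+[ \t]+CH[ \t]+TXT[ \t]+"([^"]*)"', re.M)
A_RE = re.compile(r'^[ \t]*\S+[ \t]+\d+[ \t]+IN[ \t]+A[ \t]+(\S+)[ \t]*$', re.M)


def _covered(net, prefixes):
    """True if net lies inside any prefix of the same IP version."""
    return any(p.version == net.version and net.subnet_of(p) for p in prefixes)


def check(dig_text, isp_prefixes):
    """Report the ECS subnet sent and whether it and the answers sit in the ISP."""
    prefixes = [ipaddress.ip_network(p) for p in isp_prefixes]
    txt = dict(TXT_RE.findall(dig_text))
    answers = [ipaddress.ip_network(a) for a in A_RE.findall(dig_text)]
    raw = txt.get("smart-ecs")
    try:
        ecs = ipaddress.ip_network(raw, strict=False) if raw else None
    except ValueError:  # e.g. "not sent" when anonymized ECS is disabled
        ecs = None
    return {
        "server": txt.get("server"),
        "ecs": str(ecs) if ecs is not None else None,
        "ecs_in_isp": _covered(ecs, prefixes) if ecs is not None else None,
        "answers_in_isp": sum(_covered(a, prefixes) for a in answers),
        "answers": len(answers),
    }


if __name__ == "__main__":
    print(check(SAMPLE, ISP_PREFIXES))
```

Running it over captures taken with ECS enabled, with ECS disabled, and through the ISP resolver gives a side-by-side record that can be attached to a report.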

  • I keep checking the domain `www.lazada.vn` when enabling and disabling the anonymous ECS feature.

    * Enable ECS

    ; <<>> DiG 9.16.28 <<>> www.lazada.vn CHAOS @127.0.0.1
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25551
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 7
    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 1232
    ;; QUESTION SECTION:
    ;www.lazada.vn.                 CH      A
    ;; ANSWER SECTION:
    www.lazada.vn.          112     IN      CNAME   www-ion-sni.lazada.edgekey.net.
    www-ion-sni.lazada.edgekey.net. 9570 IN CNAME   e175318.dsca.akamaiedge.net.
    e175318.dsca.akamaiedge.net. 0  IN      A       23.200.142.176
    e175318.dsca.akamaiedge.net. 0  IN      A       104.70.235.64
    ;; ADDITIONAL SECTION:
    profile.nextdns.io.     0       CH      TXT     "fp8c8cdc8407f6c54a"
    client.nextdns.io.      0       CH      TXT     "115.73.146.xxx"
    client-name.nextdns.io. 0       CH      TXT     "nextdns-cli"
    proto.nextdns.io.       0       CH      TXT     "DOH"
    server.nextdns.io.      0       CH      TXT     "greencloud-han-1"
    smart-ecs.nextdns.io.   0       CH      TXT     "23.40.76.0/24"
    ;; Query time: 35 msec
    ;; SERVER: 127.0.0.1#53(127.0.0.1)
    ;; WHEN: Mon Feb 27 10:32:16 SE Asia Standard Time 2023
    ;; MSG SIZE  rcvd: 369

    * Disable ECS

    ; <<>> DiG 9.16.28 <<>> www.lazada.vn CHAOS @127.0.0.1
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54906
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 7
    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 1232
    ;; QUESTION SECTION:
    ;www.lazada.vn.                 CH      A
    ;; ANSWER SECTION:
    www.lazada.vn.          77      IN      CNAME   www-ion-sni.lazada.edgekey.net.
    www-ion-sni.lazada.edgekey.net. 9535 IN CNAME   e175318.dsca.akamaiedge.net.
    e175318.dsca.akamaiedge.net. 20 IN      A       27.77.82.136
    e175318.dsca.akamaiedge.net. 20 IN      A       27.77.82.153
    ;; ADDITIONAL SECTION:
    client-name.nextdns.io. 0       CH      TXT     "nextdns-cli"
    proto.nextdns.io.       0       CH      TXT     "DOH"
    server.nextdns.io.      0       CH      TXT     "greencloud-han-1"
    client.nextdns.io.      0       CH      TXT     "115.73.146.xxx"
    profile.nextdns.io.     0       CH      TXT     "fp8c8cdc8407f6c54a"
    smart-ecs.nextdns.io.   0       CH      TXT     "not sent"
    ;; Query time: 108 msec
    ;; SERVER: 127.0.0.1#53(127.0.0.1)
    ;; WHEN: Mon Feb 27 10:32:51 SE Asia Standard Time 2023
    ;; MSG SIZE  rcvd: 364

    * With ISP's DNS

    ; <<>> DiG 9.16.28 <<>> www.lazada.vn
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27157
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1
    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 1232
    ; COOKIE: 9c410e169f7f4d6c0100000063fc262fe606254d7257d318 (good)
    ;; QUESTION SECTION:
    ;www.lazada.vn.                 IN      A
    ;; ANSWER SECTION:
    www.lazada.vn.          217     IN      CNAME   www-ion-sni.lazada.edgekey.net.
    www-ion-sni.lazada.edgekey.net. 20078 IN CNAME  e175318.dsca.akamaiedge.net.
    e175318.dsca.akamaiedge.net. 81 IN      A       27.77.82.153
    e175318.dsca.akamaiedge.net. 81 IN      A       27.77.82.136
    ;; Query time: 7 msec
    ;; SERVER: 203.113.188.1#53(203.113.188.1)
    ;; WHEN: Mon Feb 27 10:40:31 SE Asia Standard Time 2023
    ;; MSG SIZE  rcvd: 187

    * With Google DNS

    ; <<>> DiG 9.16.28 <<>> www.lazada.vn @8.8.8.8
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53583
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1
    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 512
    ;; QUESTION SECTION:
    ;www.lazada.vn.                 IN      A
    ;; ANSWER SECTION:
    www.lazada.vn.          300     IN      CNAME   www-ion-sni.lazada.edgekey.net.
    www-ion-sni.lazada.edgekey.net. 11002 IN CNAME  e175318.dsca.akamaiedge.net.
    e175318.dsca.akamaiedge.net. 7  IN      A       27.77.82.225
    e175318.dsca.akamaiedge.net. 7  IN      A       27.77.82.235
    ;; Query time: 88 msec
    ;; SERVER: 8.8.8.8#53(8.8.8.8)
    ;; WHEN: Mon Feb 27 11:05:25 SE Asia Standard Time 2023
    ;; MSG SIZE  rcvd: 156
    

    * Check out GeoIP on MaxMind

     

  • The ECS IP address of the Viettel ISP is still not fixed. Please check and fix it. Thank you!

    ; <<>> DiG 9.16.28 <<>> www.tiktok.com CHAOS
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61084
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 11, AUTHORITY: 0, ADDITIONAL: 7
    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 1232
    ;; QUESTION SECTION:
    ;www.tiktok.com.                        CH      A
    ;; ANSWER SECTION:
    www.tiktok.com.         1221    IN      CNAME   www.tiktok.com.edgesuite.net.
    www.tiktok.com.edgesuite.net. 7967 IN   CNAME   a2047.api10.akamai.net.
    a2047.api10.akamai.net. 20      IN      A       23.210.250.59
    a2047.api10.akamai.net. 20      IN      A       23.210.250.56
    a2047.api10.akamai.net. 20      IN      A       23.210.250.57
    a2047.api10.akamai.net. 20      IN      A       23.210.250.51
    a2047.api10.akamai.net. 20      IN      A       23.210.250.64
    a2047.api10.akamai.net. 20      IN      A       23.210.250.48
    a2047.api10.akamai.net. 20      IN      A       23.210.250.115
    a2047.api10.akamai.net. 20      IN      A       23.210.250.65
    a2047.api10.akamai.net. 20      IN      A       23.210.250.50
    ;; ADDITIONAL SECTION:
    client-name.nextdns.io. 0       CH      TXT     "nextdns-cli"
    proto.nextdns.io.       0       CH      TXT     "DOH"
    profile.nextdns.io.     0       CH      TXT     "fp8c8cdc8407f6c54a"
    client.nextdns.io.      0       CH      TXT     "115.76.*.*"
    server.nextdns.io.      0       CH      TXT     "greencloud-han-1"
    smart-ecs.nextdns.io.   0       CH      TXT     "23.40.76.0/24"
    ;; Query time: 324 msec
    ;; SERVER: 127.0.0.1#53(127.0.0.1)
    ;; WHEN: Tue Apr 25 09:04:40 SE Asia Standard Time 2023
    ;; MSG SIZE  rcvd: 475
    

     

    IP ranges in the network number of ISP Viettel: http://thongkeinternet.vn/jsp/vnix/danhba_ipasn.jsp

  • Same here, I'm in southern China, and when I use NextDNS to resolve CDN domain names, I often get IP addresses from northern China. If I use a DNS server within China, I get southern IP addresses instead.

      • BigDargon
      • 1 mth ago

      ooapa You should have DNS information from resolving domain names, as above, to report errors. But maybe you will have to wait a long time, because I reported this bug more than 2 months ago and it is still not fixed!

      • ooapa
      • 3 wk ago

      ooapa Perhaps I am wrong, because when I used another tool to look it up, it displayed the correct geographical location.

      • BigDargon
      • 3 wk ago

      ooapa Great! I'm still waiting for them to fix the ECS sending the wrong IP address.
