Anonymous ECS is sending wrong ISP from ISP Viettel

BigDargon
updated 1 yr ago
11replies

Recently, I'm checking an anonymous ECS record, found out that the ECS IP address sent is from ISP Akamai and not from ISP Viettel.

; <<>> DiG 9.16.28 <<>> vi.wikipedia.org CHAOS
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31497
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 7
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;vi.wikipedia.org.              CH      A
;; ANSWER SECTION:
vi.wikipedia.org.       85983   IN      CNAME   dyna.wikimedia.org.
dyna.wikimedia.org.     183     IN      A       103.102.166.224
;; ADDITIONAL SECTION:
proto.nextdns.io.       0       CH      TXT     "DOH"
client.nextdns.io.      0       CH      TXT     "115.73.146.xxx"
server.nextdns.io.      0       CH      TXT     "vultr-sin-1"
profile.nextdns.io.     0       CH      TXT     "fp8c8cdc8407f6c54a"
client-name.nextdns.io. 0       CH      TXT     "nextdns-cli"
smart-ecs.nextdns.io.   0       CH      TXT     "23.40.76.0/24"
;; Query time: 45 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue Feb 21 11:54:20 SE Asia Standard Time 2023
;; MSG SIZE  rcvd: 298

I continue to do the test with ISP VNPT, then the ECS IP results send the correct ISP VNPT

; <<>> DiG 9.16.24 <<>> vi.wikipedia.org CHAOS
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22694
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 7
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;vi.wikipedia.org.              CH      A
;; ANSWER SECTION:
vi.wikipedia.org.       2400    IN      CNAME   dyna.wikimedia.org.
dyna.wikimedia.org.     2400    IN      A       103.102.166.224
;; ADDITIONAL SECTION:
profile.nextdns.io.     2400    CH      TXT     "fp6402603a1e89ab0b"
client.nextdns.io.      2400    CH      TXT     "123.19.xxx.xxx"
proto.nextdns.io.       2400    CH      TXT     "DOH"
server.nextdns.io.      2400    CH      TXT     "anexia-han-1"
client-name.nextdns.io. 2400    CH      TXT     "dnscrypt"
smart-ecs.nextdns.io.   2400    CH      TXT     "14.160.0.0/24"
;; Query time: 527 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue Feb 21 10:07:53 SE Asia Standard Time 2023
;; MSG SIZE  rcvd: 294

I check the results from Maxmind

A friend suggested the ECS IP range for ISP Viettel 125.234.51.0/24. I tested it with Google DNS, the results returned the Akamai CDN IP address at ISP Viettel.

; <<>> DiG 9.16.28 <<>> cf.shopee.vn +subnet=125.234.51.0/24
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 335
;; flags: qr rd ra; QUERY: 1, ANSWER: 10, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
; CLIENT-SUBNET: 125.234.51.0/24/0
;; QUESTION SECTION:
;cf.shopee.vn.                  IN      A
;; ANSWER SECTION:
cf.shopee.vn.           3       IN      CNAME   cf.shopee.vn.akamaized.net.
cf.shopee.vn.akamaized.net. 561 IN      CNAME   a1958.w16.akamai.net.
a1958.w16.akamai.net.   20      IN      A       125.234.51.42
a1958.w16.akamai.net.   20      IN      A       125.234.51.106
a1958.w16.akamai.net.   20      IN      A       125.234.51.43
a1958.w16.akamai.net.   20      IN      A       125.234.51.105
a1958.w16.akamai.net.   20      IN      A       125.234.51.41
a1958.w16.akamai.net.   20      IN      A       125.234.51.99
a1958.w16.akamai.net.   20      IN      A       125.234.51.114
a1958.w16.akamai.net.   20      IN      A       125.234.51.96
;; Query time: 39 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Tue Feb 21 12:20:34 SE Asia Standard Time 2023
;; MSG SIZE  rcvd: 251

; <<>> DiG 9.16.28 <<>> www.tiktok.com +subnet=125.234.51.0/24
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38698
;; flags: qr rd ra; QUERY: 1, ANSWER: 11, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
; CLIENT-SUBNET: 125.234.51.0/24/0
;; QUESTION SECTION:
;www.tiktok.com.                        IN      A
;; ANSWER SECTION:
www.tiktok.com.         1800    IN      CNAME   www.tiktok.com.edgesuite.net.
www.tiktok.com.edgesuite.net. 13589 IN  CNAME   a2047.r.akamai.net.
a2047.r.akamai.net.     20      IN      A       27.71.113.82
a2047.r.akamai.net.     20      IN      A       27.71.113.80
a2047.r.akamai.net.     20      IN      A       27.71.113.72
a2047.r.akamai.net.     20      IN      A       27.71.113.74
a2047.r.akamai.net.     20      IN      A       27.71.113.73
a2047.r.akamai.net.     20      IN      A       27.71.113.83
a2047.r.akamai.net.     20      IN      A       27.71.113.67
a2047.r.akamai.net.     20      IN      A       27.71.113.81
a2047.r.akamai.net.     20      IN      A       27.71.113.75
;; Query time: 101 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Tue Feb 21 12:21:16 SE Asia Standard Time 2023
;; MSG SIZE  rcvd: 269

While I use NextDNS, the IP address is not in ISP Viettel (or server in Vietnam)

; <<>> DiG 9.16.28 <<>> cf.shopee.vn CHAOS
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4608
;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 7
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;cf.shopee.vn.                  CH      A
;; ANSWER SECTION:
cf.shopee.vn.           58      IN      CNAME   cf.shopee.vn.akamaized.net.
cf.shopee.vn.akamaized.net. 598 IN      CNAME   a1958.w16.akamai.net.
a1958.w16.akamai.net.   18      IN      A       104.88.70.82
a1958.w16.akamai.net.   18      IN      A       104.88.70.90
a1958.w16.akamai.net.   18      IN      A       104.88.70.64
;; ADDITIONAL SECTION:
server.nextdns.io.      0       CH      TXT     "vultr-sin-1"
proto.nextdns.io.       0       CH      TXT     "DOH"
profile.nextdns.io.     0       CH      TXT     "fp8c8cdc8407f6c54a"
client.nextdns.io.      0       CH      TXT     "115.73.146.159"
client-name.nextdns.io. 0       CH      TXT     "nextdns-cli"
smart-ecs.nextdns.io.   0       CH      TXT     "23.40.76.0/24"
;; Query time: 55 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue Feb 21 12:28:40 SE Asia Standard Time 2023
;; MSG SIZE  rcvd: 368

; <<>> DiG 9.16.28 <<>> www.tiktok.com CHAOS
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25934
;; flags: qr rd ra; QUERY: 1, ANSWER: 11, AUTHORITY: 0, ADDITIONAL: 7
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;www.tiktok.com.                        CH      A
;; ANSWER SECTION:
www.tiktok.com.         819     IN      CNAME   www.tiktok.com.edgesuite.net.
www.tiktok.com.edgesuite.net. 19751 IN  CNAME   a2047.r.akamai.net.
a2047.r.akamai.net.     20      IN      A       23.220.203.19
a2047.r.akamai.net.     20      IN      A       23.220.203.27
a2047.r.akamai.net.     20      IN      A       23.220.203.11
a2047.r.akamai.net.     20      IN      A       23.220.203.26
a2047.r.akamai.net.     20      IN      A       23.220.203.10
a2047.r.akamai.net.     20      IN      A       23.220.203.17
a2047.r.akamai.net.     20      IN      A       23.220.203.18
a2047.r.akamai.net.     20      IN      A       23.220.203.32
a2047.r.akamai.net.     20      IN      A       23.220.203.16
;; ADDITIONAL SECTION:
server.nextdns.io.      0       CH      TXT     "vultr-sin-1"
profile.nextdns.io.     0       CH      TXT     "fp8c8cdc8407f6c54a"
client.nextdns.io.      0       CH      TXT     "115.73.146.159"
client-name.nextdns.io. 0       CH      TXT     "nextdns-cli"
proto.nextdns.io.       0       CH      TXT     "DOH"
smart-ecs.nextdns.io.   0       CH      TXT     "23.40.76.0/24"
;; Query time: 360 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue Feb 21 12:29:08 SE Asia Standard Time 2023
;; MSG SIZE  rcvd: 466

Please check and update the correct anonymous ECS sending IP address with ISP Viettel. Thank you!

Network

BigDargon
1 yr ago
Reported - view

I keep checking the domain `www.lazada.vn` when enabling and disabling the anonymous ECS feature.

* Enable ECS

; <<>> DiG 9.16.28 <<>> www.lazada.vn CHAOS @127.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25551
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 7
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;www.lazada.vn.                 CH      A
;; ANSWER SECTION:
www.lazada.vn.          112     IN      CNAME   www-ion-sni.lazada.edgekey.net.
www-ion-sni.lazada.edgekey.net. 9570 IN CNAME   e175318.dsca.akamaiedge.net.
e175318.dsca.akamaiedge.net. 0  IN      A       23.200.142.176
e175318.dsca.akamaiedge.net. 0  IN      A       104.70.235.64
;; ADDITIONAL SECTION:
profile.nextdns.io.     0       CH      TXT     "fp8c8cdc8407f6c54a"
client.nextdns.io.      0       CH      TXT     "115.73.146.xxx"
client-name.nextdns.io. 0       CH      TXT     "nextdns-cli"
proto.nextdns.io.       0       CH      TXT     "DOH"
server.nextdns.io.      0       CH      TXT     "greencloud-han-1"
smart-ecs.nextdns.io.   0       CH      TXT     "23.40.76.0/24"
;; Query time: 35 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon Feb 27 10:32:16 SE Asia Standard Time 2023
;; MSG SIZE  rcvd: 369

* Disable ECS

; <<>> DiG 9.16.28 <<>> www.lazada.vn CHAOS @127.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54906
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 7
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;www.lazada.vn.                 CH      A
;; ANSWER SECTION:
www.lazada.vn.          77      IN      CNAME   www-ion-sni.lazada.edgekey.net.
www-ion-sni.lazada.edgekey.net. 9535 IN CNAME   e175318.dsca.akamaiedge.net.
e175318.dsca.akamaiedge.net. 20 IN      A       27.77.82.136
e175318.dsca.akamaiedge.net. 20 IN      A       27.77.82.153
;; ADDITIONAL SECTION:
client-name.nextdns.io. 0       CH      TXT     "nextdns-cli"
proto.nextdns.io.       0       CH      TXT     "DOH"
server.nextdns.io.      0       CH      TXT     "greencloud-han-1"
client.nextdns.io.      0       CH      TXT     "115.73.146.xxx"
profile.nextdns.io.     0       CH      TXT     "fp8c8cdc8407f6c54a"
smart-ecs.nextdns.io.   0       CH      TXT     "not sent"
;; Query time: 108 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon Feb 27 10:32:51 SE Asia Standard Time 2023
;; MSG SIZE  rcvd: 364

* With ISP's DNS

; <<>> DiG 9.16.28 <<>> www.lazada.vn
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27157
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: 9c410e169f7f4d6c0100000063fc262fe606254d7257d318 (good)
;; QUESTION SECTION:
;www.lazada.vn.                 IN      A
;; ANSWER SECTION:
www.lazada.vn.          217     IN      CNAME   www-ion-sni.lazada.edgekey.net.
www-ion-sni.lazada.edgekey.net. 20078 IN CNAME  e175318.dsca.akamaiedge.net.
e175318.dsca.akamaiedge.net. 81 IN      A       27.77.82.153
e175318.dsca.akamaiedge.net. 81 IN      A       27.77.82.136
;; Query time: 7 msec
;; SERVER: 203.113.188.1#53(203.113.188.1)
;; WHEN: Mon Feb 27 10:40:31 SE Asia Standard Time 2023
;; MSG SIZE  rcvd: 187

* With Google DNS

; <<>> DiG 9.16.28 <<>> www.lazada.vn @8.8.8.8
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53583
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;www.lazada.vn.                 IN      A
;; ANSWER SECTION:
www.lazada.vn.          300     IN      CNAME   www-ion-sni.lazada.edgekey.net.
www-ion-sni.lazada.edgekey.net. 11002 IN CNAME  e175318.dsca.akamaiedge.net.
e175318.dsca.akamaiedge.net. 7  IN      A       27.77.82.225
e175318.dsca.akamaiedge.net. 7  IN      A       27.77.82.235
;; Query time: 88 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Mon Feb 27 11:05:25 SE Asia Standard Time 2023
;; MSG SIZE  rcvd: 156

* Check out GeoIP on MaxMind

BigDargon
11 mths ago
Reported - view

The ECS IP address of the Viettel ISP is still not fixed. Please check and fix it. Thank you!

; <<>> DiG 9.16.28 <<>> www.tiktok.com CHAOS
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61084
;; flags: qr rd ra; QUERY: 1, ANSWER: 11, AUTHORITY: 0, ADDITIONAL: 7
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;www.tiktok.com.                        CH      A
;; ANSWER SECTION:
www.tiktok.com.         1221    IN      CNAME   www.tiktok.com.edgesuite.net.
www.tiktok.com.edgesuite.net. 7967 IN   CNAME   a2047.api10.akamai.net.
a2047.api10.akamai.net. 20      IN      A       23.210.250.59
a2047.api10.akamai.net. 20      IN      A       23.210.250.56
a2047.api10.akamai.net. 20      IN      A       23.210.250.57
a2047.api10.akamai.net. 20      IN      A       23.210.250.51
a2047.api10.akamai.net. 20      IN      A       23.210.250.64
a2047.api10.akamai.net. 20      IN      A       23.210.250.48
a2047.api10.akamai.net. 20      IN      A       23.210.250.115
a2047.api10.akamai.net. 20      IN      A       23.210.250.65
a2047.api10.akamai.net. 20      IN      A       23.210.250.50
;; ADDITIONAL SECTION:
client-name.nextdns.io. 0       CH      TXT     "nextdns-cli"
proto.nextdns.io.       0       CH      TXT     "DOH"
profile.nextdns.io.     0       CH      TXT     "fp8c8cdc8407f6c54a"
client.nextdns.io.      0       CH      TXT     "115.76.*.*"
server.nextdns.io.      0       CH      TXT     "greencloud-han-1"
smart-ecs.nextdns.io.   0       CH      TXT     "23.40.76.0/24"
;; Query time: 324 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue Apr 25 09:04:40 SE Asia Standard Time 2023
;; MSG SIZE  rcvd: 475

IP ranges in the network number of ISP Viettel http://thongkeinternet.vn/jsp/vnix/danhba_ipasn.jsp

- ooapa
- 11 mths ago
- Reported - view
Same here, I'm in southern China, and when I use NextDNS to resolve CDN domain names, I often get IP addresses from northern China. If I use a DNS server within China, I get southern IP addresses instead.
- BigDargon
  
  11 mths ago
  
  Reported - view
  ooapa You should have DNS information when resolving domain names as above to report errors. But, maybe you have to wait a long time, because I reported this bug for more than 2 months but still not fixed!
- ooapa
  
  11 mths ago
  
  Reported - view
  ooapa Perhaps I am wrong, because when I used another tool to lookup, it displayed the correct geographical location.
- BigDargon
  
  11 mths ago
  
  Reported - view
  ooapa Great! I'm still waiting for them to fix the ECS sending the wrong IP address.
- BigDargon
- 10 mths ago
- Reported - view
Same problem but in different country

https://help.nextdns.io/t/m1h4p83/anonymized-edns-client-subnet-reports-a-subnet-thats-across-the-country-from-my-actual-location

BigDargon
9 mths ago
Reported - view

Anonymous ECS is still sending wrong IP address with ASN Viettel

; <<>> DiG 9.16.28 <<>> www.apple.com CHAOS
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47552
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 7
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;www.apple.com.                 CH      A
;; ANSWER SECTION:
www.apple.com.          947     IN      CNAME   www.apple.com.edgekey.net.
www.apple.com.edgekey.net. 15990 IN     CNAME   www.apple.com.edgekey.net.globalredir.akadns.net.
www.apple.com.edgekey.net.globalredir.akadns.net. 3171 IN CNAME e6858.dscx.akamaiedge.net.
e6858.dscx.akamaiedge.net. 7    IN      A       118.68.81.235
;; ADDITIONAL SECTION:
proto.nextdns.io.       0       CH      TXT     "DOH"
client.nextdns.io.      0       CH      TXT     "115.73.159.***"
server.nextdns.io.      0       CH      TXT     "greencloud-han-1"
profile.nextdns.io.     0       CH      TXT     "fp8c8cdc8407f6c54a"
client-name.nextdns.io. 0       CH      TXT     "nextdns-cli"
smart-ecs.nextdns.io.   0       CH      TXT     "23.40.76.0/24"
;; Query time: 54 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Wed Jul 19 14:14:45 SE Asia Standard Time 2023
;; MSG SIZE  rcvd: 405

; <<>> DiG 9.16.28 <<>> www.tiktok.com CHAOS
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 37424
;; flags: qr rd ra; QUERY: 1, ANSWER: 11, AUTHORITY: 0, ADDITIONAL: 7
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;www.tiktok.com.                        CH      A
;; ANSWER SECTION:
www.tiktok.com.         1457    IN      CNAME   www.tiktok.com.edgesuite.net.
www.tiktok.com.edgesuite.net. 16444 IN  CNAME   a2047.api10.akamai.net.
a2047.api10.akamai.net. 20      IN      A       118.69.16.111
a2047.api10.akamai.net. 20      IN      A       118.69.16.112
a2047.api10.akamai.net. 20      IN      A       118.69.16.95
a2047.api10.akamai.net. 20      IN      A       118.69.16.97
a2047.api10.akamai.net. 20      IN      A       118.69.16.89
a2047.api10.akamai.net. 20      IN      A       118.69.16.94
a2047.api10.akamai.net. 20      IN      A       118.69.16.96
a2047.api10.akamai.net. 20      IN      A       118.69.16.102
a2047.api10.akamai.net. 20      IN      A       118.69.16.120
;; ADDITIONAL SECTION:
profile.nextdns.io.     0       CH      TXT     "fp8c8cdc8407f6c54a"
client-name.nextdns.io. 0       CH      TXT     "nextdns-cli"
proto.nextdns.io.       0       CH      TXT     "DOH"
server.nextdns.io.      0       CH      TXT     "greencloud-han-1"
client.nextdns.io.      0       CH      TXT     "115.73.159.***"
smart-ecs.nextdns.io.   0       CH      TXT     "23.40.76.0/24"
;; Query time: 220 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Wed Jul 19 14:16:36 SE Asia Standard Time 2023
;; MSG SIZE  rcvd: 475

- BigDargon
- 7 mths ago
- Reported - view
Anonymous ECS is causing high ping to Google services from ISP Viettel

https://help.nextdns.io/t/g9yqzgr

Please check and fix it! Thank you!

BigDargon
6 mths ago
Reported - view

Today, I continued to check with the IP 116.100.77.XXX, the ECS sent was 103.84.77.0/24. The network routing to the returned IP is very stable and is not routed far.

; <<>> DiG 9.16.28 <<>> google.com CHAOS
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2408
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 7

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;google.com.                    CH      A

;; ANSWER SECTION:
google.com.             201     IN      A       142.250.66.142

;; ADDITIONAL SECTION:
profile.nextdns.io.     0       CH      TXT     "fpfb396ba10fe8060d"
client.nextdns.io.      0       CH      TXT     "116.100.77.XXX"
client-name.nextdns.io. 0       CH      TXT     "nextdns-cli"
proto.nextdns.io.       0       CH      TXT     "DOH"
server.nextdns.io.      0       CH      TXT     "greencloud-han-1"
smart-ecs.nextdns.io.   0       CH      TXT     "103.84.77.0/24"

;; Query time: 34 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon Oct 09 10:03:05 SE Asia Standard Time 2023
;; MSG SIZE  rcvd: 268

Tracing route to 142.250.66.142 over a maximum of 30 hops
  1     5 ms     1 ms     1 ms  192.168.1.1
  2     4 ms    18 ms     8 ms  125.235.251.199
  3    23 ms     4 ms     4 ms  10.207.244.126
  4     4 ms     6 ms     4 ms  27.68.209.61
  5    10 ms     8 ms     7 ms  27.68.209.53
  6     6 ms     6 ms     7 ms  27.68.237.150
  7    17 ms    56 ms    15 ms  27.68.250.52
  8    33 ms    35 ms    34 ms  192.178.70.82
  9    36 ms    34 ms    33 ms  142.250.60.155
 10    36 ms    38 ms    37 ms  66.249.94.223
 11    34 ms    33 ms    33 ms  142.250.66.142
Trace complete.

Both of these IP addresses are from Viettel ISP.

Then I restarted the modem so that the ISP could change to the new WAN IP address.

; <<>> DiG 9.16.28 <<>> google.com CHAOS
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36463
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 7

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;google.com.                    CH      A

;; ANSWER SECTION:
google.com.             191     IN      A       142.250.74.142

;; ADDITIONAL SECTION:
client.nextdns.io.      0       CH      TXT     "115.73.154.XXX"
proto.nextdns.io.       0       CH      TXT     "DOH"
server.nextdns.io.      0       CH      TXT     "greencloud-sgn-1"
profile.nextdns.io.     0       CH      TXT     "fpfb396ba10fe8060d"
client-name.nextdns.io. 0       CH      TXT     "nextdns-cli"
smart-ecs.nextdns.io.   0       CH      TXT     "23.40.76.0/24"

;; Query time: 12 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon Oct 09 14:39:28 SE Asia Standard Time 2023
;; MSG SIZE  rcvd: 267

Tracing route to 142.250.74.142 over a maximum of 30 hops
  1    25 ms    10 ms    19 ms  192.168.1.1
  2     3 ms     2 ms     2 ms  125.235.251.199
  3     5 ms    12 ms     8 ms  115.79.0.84
  4    11 ms     5 ms     5 ms  27.68.209.61
  5     *      111 ms     *     27.68.209.53
  6    12 ms    10 ms    12 ms  27.68.237.150
  7    11 ms     8 ms    17 ms  27.68.250.212
  8    35 ms    33 ms    34 ms  192.178.70.94
  9    34 ms    34 ms    36 ms  108.170.241.33
 10    32 ms   299 ms    50 ms  108.170.241.48
 11    33 ms    35 ms    32 ms  216.239.63.231
 12    47 ms    47 ms    52 ms  172.253.50.217
 13   244 ms   232 ms   224 ms  142.250.226.90
 14     *      178 ms     *     142.250.238.62
 15     *        *      207 ms  142.250.227.244
 16   231 ms   343 ms   226 ms  142.251.61.212
 17   328 ms   481 ms   419 ms  216.239.40.119
 18     *        *        *     Request timed out.
 19   319 ms   316 ms   317 ms  192.178.80.78
 20   331 ms     *      331 ms  216.239.63.56
 21   331 ms   342 ms   341 ms  209.85.246.60
 22   332 ms   331 ms   331 ms  108.170.254.49
 23   332 ms   332 ms   332 ms  142.251.48.45
 24  1551 ms   331 ms   333 ms  142.250.74.142
Trace complete.

Both IP addresses are not the same Viettel ISP, but ECS sends in Ho Chi Minh City location.

Another check with Google DNS.

; <<>> DiG 9.16.28 <<>> google.com @8.8.8.8
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17750
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512

;; QUESTION SECTION:
;google.com.                    IN      A

;; ANSWER SECTION:
google.com.             174     IN      A       142.251.222.206

;; Query time: 31 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Mon Oct 09 15:06:36 SE Asia Standard Time 2023
;; MSG SIZE  rcvd: 55

Tracing route to 142.251.222.206 over a maximum of 30 hops
  1     4 ms     7 ms     4 ms  192.168.1.1
  2     6 ms     4 ms     3 ms  125.235.251.199
  3     9 ms     4 ms     4 ms  10.207.244.124
  4     3 ms     4 ms     7 ms  27.68.209.61
  5     9 ms     9 ms     9 ms  27.68.209.53
  6     8 ms     8 ms     8 ms  27.68.237.150
  7     8 ms    10 ms    10 ms  27.68.250.214
  8    34 ms    35 ms    38 ms  192.178.70.94
  9    34 ms    35 ms    35 ms  108.170.231.21
 10    34 ms    45 ms    39 ms  142.251.253.113
 11    31 ms    33 ms    34 ms  142.251.222.206
Trace complete.

Please check and fix it! Thank you!

- BigDargon
- 7 days ago
- Reported - view
I'm still waiting for this to be fixed! Thanks

Content aside

6 Likes
7 days agoLast active
11Replies
477Views
2 Following

Anonymous ECS is sending wrong ISP from ISP Viettel

11 replies

Content aside

Home

Tags