
Anonymous ECS is sending wrong ISP from ISP Viettel
Recently, while checking an anonymous ECS record, I found out that the ECS IP address sent is from ISP Akamai and not from ISP Viettel.
; <<>> DiG 9.16.28 <<>> vi.wikipedia.org CHAOS
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31497
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 7
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;vi.wikipedia.org. CH A
;; ANSWER SECTION:
vi.wikipedia.org. 85983 IN CNAME dyna.wikimedia.org.
dyna.wikimedia.org. 183 IN A 103.102.166.224
;; ADDITIONAL SECTION:
proto.nextdns.io. 0 CH TXT "DOH"
client.nextdns.io. 0 CH TXT "115.73.146.xxx"
server.nextdns.io. 0 CH TXT "vultr-sin-1"
profile.nextdns.io. 0 CH TXT "fp8c8cdc8407f6c54a"
client-name.nextdns.io. 0 CH TXT "nextdns-cli"
smart-ecs.nextdns.io. 0 CH TXT "23.40.76.0/24"
;; Query time: 45 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue Feb 21 11:54:20 SE Asia Standard Time 2023
;; MSG SIZE rcvd: 298
I continued the test with ISP VNPT, and there the ECS IP sent is correctly from ISP VNPT.
; <<>> DiG 9.16.24 <<>> vi.wikipedia.org CHAOS
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22694
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 7
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;vi.wikipedia.org. CH A
;; ANSWER SECTION:
vi.wikipedia.org. 2400 IN CNAME dyna.wikimedia.org.
dyna.wikimedia.org. 2400 IN A 103.102.166.224
;; ADDITIONAL SECTION:
profile.nextdns.io. 2400 CH TXT "fp6402603a1e89ab0b"
client.nextdns.io. 2400 CH TXT "123.19.xxx.xxx"
proto.nextdns.io. 2400 CH TXT "DOH"
server.nextdns.io. 2400 CH TXT "anexia-han-1"
client-name.nextdns.io. 2400 CH TXT "dnscrypt"
smart-ecs.nextdns.io. 2400 CH TXT "14.160.0.0/24"
;; Query time: 527 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue Feb 21 10:07:53 SE Asia Standard Time 2023
;; MSG SIZE rcvd: 294
I checked the results from MaxMind.
A friend suggested the ECS IP range 125.234.51.0/24 for ISP Viettel. I tested it with Google DNS, and the results returned Akamai CDN IP addresses at ISP Viettel.
; <<>> DiG 9.16.28 <<>> cf.shopee.vn +subnet=125.234.51.0/24
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 335
;; flags: qr rd ra; QUERY: 1, ANSWER: 10, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
; CLIENT-SUBNET: 125.234.51.0/24/0
;; QUESTION SECTION:
;cf.shopee.vn. IN A
;; ANSWER SECTION:
cf.shopee.vn. 3 IN CNAME cf.shopee.vn.akamaized.net.
cf.shopee.vn.akamaized.net. 561 IN CNAME a1958.w16.akamai.net.
a1958.w16.akamai.net. 20 IN A 125.234.51.42
a1958.w16.akamai.net. 20 IN A 125.234.51.106
a1958.w16.akamai.net. 20 IN A 125.234.51.43
a1958.w16.akamai.net. 20 IN A 125.234.51.105
a1958.w16.akamai.net. 20 IN A 125.234.51.41
a1958.w16.akamai.net. 20 IN A 125.234.51.99
a1958.w16.akamai.net. 20 IN A 125.234.51.114
a1958.w16.akamai.net. 20 IN A 125.234.51.96
;; Query time: 39 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Tue Feb 21 12:20:34 SE Asia Standard Time 2023
;; MSG SIZE rcvd: 251
; <<>> DiG 9.16.28 <<>> www.tiktok.com +subnet=125.234.51.0/24
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38698
;; flags: qr rd ra; QUERY: 1, ANSWER: 11, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
; CLIENT-SUBNET: 125.234.51.0/24/0
;; QUESTION SECTION:
;www.tiktok.com. IN A
;; ANSWER SECTION:
www.tiktok.com. 1800 IN CNAME www.tiktok.com.edgesuite.net.
www.tiktok.com.edgesuite.net. 13589 IN CNAME a2047.r.akamai.net.
a2047.r.akamai.net. 20 IN A 27.71.113.82
a2047.r.akamai.net. 20 IN A 27.71.113.80
a2047.r.akamai.net. 20 IN A 27.71.113.72
a2047.r.akamai.net. 20 IN A 27.71.113.74
a2047.r.akamai.net. 20 IN A 27.71.113.73
a2047.r.akamai.net. 20 IN A 27.71.113.83
a2047.r.akamai.net. 20 IN A 27.71.113.67
a2047.r.akamai.net. 20 IN A 27.71.113.81
a2047.r.akamai.net. 20 IN A 27.71.113.75
;; Query time: 101 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Tue Feb 21 12:21:16 SE Asia Standard Time 2023
;; MSG SIZE rcvd: 269
When I use NextDNS, the IP address is not in ISP Viettel (or on a server in Vietnam).
; <<>> DiG 9.16.28 <<>> cf.shopee.vn CHAOS
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4608
;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 7
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;cf.shopee.vn. CH A
;; ANSWER SECTION:
cf.shopee.vn. 58 IN CNAME cf.shopee.vn.akamaized.net.
cf.shopee.vn.akamaized.net. 598 IN CNAME a1958.w16.akamai.net.
a1958.w16.akamai.net. 18 IN A 104.88.70.82
a1958.w16.akamai.net. 18 IN A 104.88.70.90
a1958.w16.akamai.net. 18 IN A 104.88.70.64
;; ADDITIONAL SECTION:
server.nextdns.io. 0 CH TXT "vultr-sin-1"
proto.nextdns.io. 0 CH TXT "DOH"
profile.nextdns.io. 0 CH TXT "fp8c8cdc8407f6c54a"
client.nextdns.io. 0 CH TXT "115.73.146.159"
client-name.nextdns.io. 0 CH TXT "nextdns-cli"
smart-ecs.nextdns.io. 0 CH TXT "23.40.76.0/24"
;; Query time: 55 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue Feb 21 12:28:40 SE Asia Standard Time 2023
;; MSG SIZE rcvd: 368
; <<>> DiG 9.16.28 <<>> www.tiktok.com CHAOS
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25934
;; flags: qr rd ra; QUERY: 1, ANSWER: 11, AUTHORITY: 0, ADDITIONAL: 7
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;www.tiktok.com. CH A
;; ANSWER SECTION:
www.tiktok.com. 819 IN CNAME www.tiktok.com.edgesuite.net.
www.tiktok.com.edgesuite.net. 19751 IN CNAME a2047.r.akamai.net.
a2047.r.akamai.net. 20 IN A 23.220.203.19
a2047.r.akamai.net. 20 IN A 23.220.203.27
a2047.r.akamai.net. 20 IN A 23.220.203.11
a2047.r.akamai.net. 20 IN A 23.220.203.26
a2047.r.akamai.net. 20 IN A 23.220.203.10
a2047.r.akamai.net. 20 IN A 23.220.203.17
a2047.r.akamai.net. 20 IN A 23.220.203.18
a2047.r.akamai.net. 20 IN A 23.220.203.32
a2047.r.akamai.net. 20 IN A 23.220.203.16
;; ADDITIONAL SECTION:
server.nextdns.io. 0 CH TXT "vultr-sin-1"
profile.nextdns.io. 0 CH TXT "fp8c8cdc8407f6c54a"
client.nextdns.io. 0 CH TXT "115.73.146.159"
client-name.nextdns.io. 0 CH TXT "nextdns-cli"
proto.nextdns.io. 0 CH TXT "DOH"
smart-ecs.nextdns.io. 0 CH TXT "23.40.76.0/24"
;; Query time: 360 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue Feb 21 12:29:08 SE Asia Standard Time 2023
;; MSG SIZE rcvd: 466
Please check and update the correct anonymous ECS sending IP address with ISP Viettel. Thank you!
-
I keep checking the domain `www.lazada.vn` when enabling and disabling the anonymous ECS feature.
* Enable ECS
; <<>> DiG 9.16.28 <<>> www.lazada.vn CHAOS @127.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25551
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 7
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;www.lazada.vn. CH A
;; ANSWER SECTION:
www.lazada.vn. 112 IN CNAME www-ion-sni.lazada.edgekey.net.
www-ion-sni.lazada.edgekey.net. 9570 IN CNAME e175318.dsca.akamaiedge.net.
e175318.dsca.akamaiedge.net. 0 IN A 23.200.142.176
e175318.dsca.akamaiedge.net. 0 IN A 104.70.235.64
;; ADDITIONAL SECTION:
profile.nextdns.io. 0 CH TXT "fp8c8cdc8407f6c54a"
client.nextdns.io. 0 CH TXT "115.73.146.xxx"
client-name.nextdns.io. 0 CH TXT "nextdns-cli"
proto.nextdns.io. 0 CH TXT "DOH"
server.nextdns.io. 0 CH TXT "greencloud-han-1"
smart-ecs.nextdns.io. 0 CH TXT "23.40.76.0/24"
;; Query time: 35 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon Feb 27 10:32:16 SE Asia Standard Time 2023
;; MSG SIZE rcvd: 369
* Disable ECS
; <<>> DiG 9.16.28 <<>> www.lazada.vn CHAOS @127.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54906
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 7
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;www.lazada.vn. CH A
;; ANSWER SECTION:
www.lazada.vn. 77 IN CNAME www-ion-sni.lazada.edgekey.net.
www-ion-sni.lazada.edgekey.net. 9535 IN CNAME e175318.dsca.akamaiedge.net.
e175318.dsca.akamaiedge.net. 20 IN A 27.77.82.136
e175318.dsca.akamaiedge.net. 20 IN A 27.77.82.153
;; ADDITIONAL SECTION:
client-name.nextdns.io. 0 CH TXT "nextdns-cli"
proto.nextdns.io. 0 CH TXT "DOH"
server.nextdns.io. 0 CH TXT "greencloud-han-1"
client.nextdns.io. 0 CH TXT "115.73.146.xxx"
profile.nextdns.io. 0 CH TXT "fp8c8cdc8407f6c54a"
smart-ecs.nextdns.io. 0 CH TXT "not sent"
;; Query time: 108 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon Feb 27 10:32:51 SE Asia Standard Time 2023
;; MSG SIZE rcvd: 364
* With ISP's DNS
; <<>> DiG 9.16.28 <<>> www.lazada.vn
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27157
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: 9c410e169f7f4d6c0100000063fc262fe606254d7257d318 (good)
;; QUESTION SECTION:
;www.lazada.vn. IN A
;; ANSWER SECTION:
www.lazada.vn. 217 IN CNAME www-ion-sni.lazada.edgekey.net.
www-ion-sni.lazada.edgekey.net. 20078 IN CNAME e175318.dsca.akamaiedge.net.
e175318.dsca.akamaiedge.net. 81 IN A 27.77.82.153
e175318.dsca.akamaiedge.net. 81 IN A 27.77.82.136
;; Query time: 7 msec
;; SERVER: 203.113.188.1#53(203.113.188.1)
;; WHEN: Mon Feb 27 10:40:31 SE Asia Standard Time 2023
;; MSG SIZE rcvd: 187
* With Google DNS
; <<>> DiG 9.16.28 <<>> www.lazada.vn @8.8.8.8
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53583
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;www.lazada.vn. IN A
;; ANSWER SECTION:
www.lazada.vn. 300 IN CNAME www-ion-sni.lazada.edgekey.net.
www-ion-sni.lazada.edgekey.net. 11002 IN CNAME e175318.dsca.akamaiedge.net.
e175318.dsca.akamaiedge.net. 7 IN A 27.77.82.225
e175318.dsca.akamaiedge.net. 7 IN A 27.77.82.235
;; Query time: 88 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Mon Feb 27 11:05:25 SE Asia Standard Time 2023
;; MSG SIZE rcvd: 156
* Check out GeoIP on MaxMind
-
The ECS IP address of the Viettel ISP is still not fixed. Please check and fix it. Thank you!
; <<>> DiG 9.16.28 <<>> www.tiktok.com CHAOS
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61084
;; flags: qr rd ra; QUERY: 1, ANSWER: 11, AUTHORITY: 0, ADDITIONAL: 7
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;www.tiktok.com. CH A
;; ANSWER SECTION:
www.tiktok.com. 1221 IN CNAME www.tiktok.com.edgesuite.net.
www.tiktok.com.edgesuite.net. 7967 IN CNAME a2047.api10.akamai.net.
a2047.api10.akamai.net. 20 IN A 23.210.250.59
a2047.api10.akamai.net. 20 IN A 23.210.250.56
a2047.api10.akamai.net. 20 IN A 23.210.250.57
a2047.api10.akamai.net. 20 IN A 23.210.250.51
a2047.api10.akamai.net. 20 IN A 23.210.250.64
a2047.api10.akamai.net. 20 IN A 23.210.250.48
a2047.api10.akamai.net. 20 IN A 23.210.250.115
a2047.api10.akamai.net. 20 IN A 23.210.250.65
a2047.api10.akamai.net. 20 IN A 23.210.250.50
;; ADDITIONAL SECTION:
client-name.nextdns.io. 0 CH TXT "nextdns-cli"
proto.nextdns.io. 0 CH TXT "DOH"
profile.nextdns.io. 0 CH TXT "fp8c8cdc8407f6c54a"
client.nextdns.io. 0 CH TXT "115.76.*.*"
server.nextdns.io. 0 CH TXT "greencloud-han-1"
smart-ecs.nextdns.io. 0 CH TXT "23.40.76.0/24"
;; Query time: 324 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue Apr 25 09:04:40 SE Asia Standard Time 2023
;; MSG SIZE rcvd: 475
IP ranges in the network number of ISP Viettel: http://thongkeinternet.vn/jsp/vnix/danhba_ipasn.jsp
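The comparison made by hand in the posts above can be scripted. This is an added example, not part of the original posts and not NextDNS code: it reads dig text, extracts the ECS subnet (from either the `smart-ecs.nextdns.io` TXT record or dig's `CLIENT-SUBNET` line) and counts how many A answers fall inside a prefix list. `EXPECTED_PREFIXES`, `parse_dig` and `audit` are names chosen here, and the prefix list is an assumption holding only the /24 mentioned in the thread.

```python
import ipaddress
import re

# Constructed inputs: lines trimmed from two dig outputs quoted in the thread.
NEXTDNS_SAMPLE = '''\
;; ANSWER SECTION:
cf.shopee.vn. 58 IN CNAME cf.shopee.vn.akamaized.net.
a1958.w16.akamai.net. 18 IN A 104.88.70.82
a1958.w16.akamai.net. 18 IN A 104.88.70.90
;; ADDITIONAL SECTION:
smart-ecs.nextdns.io. 0 CH TXT "23.40.76.0/24"
'''
GOOGLE_SAMPLE = '''\
; CLIENT-SUBNET: 125.234.51.0/24/0
;; ANSWER SECTION:
a1958.w16.akamai.net. 20 IN A 125.234.51.42
a1958.w16.akamai.net. 20 IN A 125.234.51.106
'''
# Assumption: prefixes the operator expects for the ISP (only the /24 from the thread).
EXPECTED_PREFIXES = ["125.234.51.0/24"]

ECS_OPT = re.compile(r'^;\s*CLIENT-SUBNET:\s*([0-9a-fA-F.:]+/\d+)/\d+', re.M)
ECS_TXT = re.compile(r'^smart-ecs\.nextdns\.io\.\s+\d+\s+CH\s+TXT\s+"([^"]*)"', re.M)
A_RECORD = re.compile(r'^\S+\s+\d+\s+IN\s+A\s+(\S+)[ \t]*$', re.M)

def parse_dig(text):
    """Return (ECS network or None, list of A-record addresses)."""
    m = ECS_OPT.search(text) or ECS_TXT.search(text)
    ecs = None
    if m:
        try:
            ecs = ipaddress.ip_network(m.group(1), strict=False)
        except ValueError:
            pass  # TXT value such as "not sent" is not a subnet
    answers = [ipaddress.ip_address(a) for a in A_RECORD.findall(text)]
    return ecs, answers

def audit(text, expected=EXPECTED_PREFIXES):
    """Report whether the ECS subnet and the answers sit inside the expected prefixes."""
    nets = [ipaddress.ip_network(p) for p in expected]
    ecs, answers = parse_dig(text)
    ecs_ok = ecs is not None and any(
        n.version == ecs.version and ecs.subnet_of(n) for n in nets)
    local = [a for a in answers if any(a in n for n in nets)]
    return {"ecs": str(ecs) if ecs else None, "ecs_in_isp": ecs_ok,
            "answers": len(answers), "answers_in_isp": len(local)}

if __name__ == "__main__":
    for name, sample in (("nextdns", NEXTDNS_SAMPLE), ("google", GOOGLE_SAMPLE)):
        print(name, audit(sample))
```

With a fuller prefix list for the ISP, the same check can be run over saved dig output from each resolver to see which ones send an in-network ECS subnet.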