Partnering with Akamai to Enable ECS
Hi,
While I was debugging DNS, I happened to notice that the Anonymized EDNS Client Subnet feature doesn't work with Akamai's CDN. I found information from Akamai that they enable ECS for Google DNS and OpenDNS: https://community.akamai.com/customers/s/article/Akamai-to-Enable-ECS-for-OpenDNS-GoogleDNS-on-IPA-SXL-Network
I suggest that the NextDNS team collaborate with Akamai to enable ECS and optimize DNS results when sending ECS.
* With the domains www.apple.com & e1.o.lencr.org: the IP addresses are all on Akamai servers at ISP FPT, while I am using ISP Viettel.
; <<>> DiG 9.16.28 <<>> www.apple.com CHAOS
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17604
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 7
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;www.apple.com. CH A
;; ANSWER SECTION:
www.apple.com. 1659 IN CNAME www.apple.com.edgekey.net.
www.apple.com.edgekey.net. 11174 IN CNAME www.apple.com.edgekey.net.globalredir.akadns.net.
www.apple.com.edgekey.net.globalredir.akadns.net. 419 IN CNAME e6858.dscx.akamaiedge.net.
e6858.dscx.akamaiedge.net. 14 IN A 23.33.120.214
;; ADDITIONAL SECTION:
server.nextdns.io. 0 CH TXT "lightnode-sgn-1"
profile.nextdns.io. 0 CH TXT "XXX"
client.nextdns.io. 0 CH TXT "171.249.18.201"
proto.nextdns.io. 0 CH TXT "DOH"
client-name.nextdns.io. 0 CH TXT "nextdns-windows"
smart-ecs.nextdns.io. 0 CH TXT "23.40.76.0/24"
;; Query time: 525 msec
;; SERVER: 9.9.9.11#53(9.9.9.11)
;; WHEN: Tue Jun 25 10:32:11 SE Asia Standard Time 2024
;; MSG SIZE rcvd: 575
; <<>> DiG 9.16.28 <<>> e1.o.lencr.org CHAOS
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12708
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 7
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;e1.o.lencr.org. CH A
;; ANSWER SECTION:
e1.o.lencr.org. 120 IN CNAME o.lencr.edgesuite.net.
o.lencr.edgesuite.net. 11755 IN CNAME a1887.dscq.akamai.net.
a1887.dscq.akamai.net. 20 IN A 118.69.17.55
a1887.dscq.akamai.net. 20 IN A 118.69.17.77
;; ADDITIONAL SECTION:
proto.nextdns.io. 0 CH TXT "DOH"
profile.nextdns.io. 0 CH TXT "XXX"
server.nextdns.io. 0 CH TXT "lightnode-sgn-1"
client.nextdns.io. 0 CH TXT "171.249.18.201"
client-name.nextdns.io. 0 CH TXT "nextdns-windows"
smart-ecs.nextdns.io. 0 CH TXT "23.40.76.0/24"
;; Query time: 217 msec
;; SERVER: 9.9.9.11#53(9.9.9.11)
;; WHEN: Tue Jun 25 10:32:32 SE Asia Standard Time 2024
;; MSG SIZE rcvd: 488
; <<>> DiG 9.16.28 <<>> www.apple.com AAAA CHAOS
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 58716
;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 7
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;www.apple.com. CH AAAA
;; ANSWER SECTION:
www.apple.com. 1575 IN CNAME www.apple.com.edgekey.net.
www.apple.com.edgekey.net. 11090 IN CNAME www.apple.com.edgekey.net.globalredir.akadns.net.
www.apple.com.edgekey.net.globalredir.akadns.net. 335 IN CNAME e6858.dscx.akamaiedge.net.
e6858.dscx.akamaiedge.net. 14 IN AAAA 2405:4800:ae00:1c88::1aca
e6858.dscx.akamaiedge.net. 14 IN AAAA 2405:4800:ae00:1c85::1aca
;; ADDITIONAL SECTION:
client-name.nextdns.io. 0 CH TXT "nextdns-windows"
proto.nextdns.io. 0 CH TXT "DOH"
server.nextdns.io. 0 CH TXT "lightnode-sgn-1"
profile.nextdns.io. 0 CH TXT "XXX"
client.nextdns.io. 0 CH TXT "171.249.18.201"
smart-ecs.nextdns.io. 0 CH TXT "23.40.76.0/24"
;; Query time: 28 msec
;; SERVER: 9.9.9.11#53(9.9.9.11)
;; WHEN: Tue Jun 25 10:33:35 SE Asia Standard Time 2024
;; MSG SIZE rcvd: 640
; <<>> DiG 9.16.28 <<>> e1.o.lencr.org AAAA CHAOS
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41279
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 7
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;e1.o.lencr.org. CH AAAA
;; ANSWER SECTION:
e1.o.lencr.org. 49 IN CNAME o.lencr.edgesuite.net.
o.lencr.edgesuite.net. 11684 IN CNAME a1887.dscq.akamai.net.
a1887.dscq.akamai.net. 20 IN AAAA 2405:4800:10a::7645:1154
a1887.dscq.akamai.net. 20 IN AAAA 2405:4800:10a::7645:114d
;; ADDITIONAL SECTION:
client.nextdns.io. 0 CH TXT "171.249.18.201"
profile.nextdns.io. 0 CH TXT "XXX"
client-name.nextdns.io. 0 CH TXT "nextdns-windows"
proto.nextdns.io. 0 CH TXT "DOH"
server.nextdns.io. 0 CH TXT "lightnode-sgn-1"
smart-ecs.nextdns.io. 0 CH TXT "23.40.76.0/24"
;; Query time: 209 msec
;; SERVER: 9.9.9.11#53(9.9.9.11)
;; WHEN: Tue Jun 25 10:33:43 SE Asia Standard Time 2024
;; MSG SIZE rcvd: 512
* With the DNS servers of ISP Viettel, Google DNS and OpenDNS: all IP addresses are servers at ISP Viettel.
; <<>> DiG 9.16.28 <<>> www.apple.com @203.113.131.2
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9468
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: e82232724b1f472301000000667a31180ac2ec212c7f688f (good)
;; QUESTION SECTION:
;www.apple.com. IN A
;; ANSWER SECTION:
www.apple.com. 1053 IN CNAME www.apple.com.edgekey.net.
www.apple.com.edgekey.net. 3606 IN CNAME www.apple.com.edgekey.net.globalredir.akadns.net.
www.apple.com.edgekey.net.globalredir.akadns.net. 872 IN CNAME e6858.dscx.akamaiedge.net.
e6858.dscx.akamaiedge.net. 12 IN A 171.236.60.223
;; Query time: 8 msec
;; SERVER: 203.113.131.2#53(203.113.131.2)
;; WHEN: Tue Jun 25 09:53:13 SE Asia Standard Time 2024
;; MSG SIZE rcvd: 226
; <<>> DiG 9.16.28 <<>> www.apple.com @8.8.8.8
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24693
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;www.apple.com. IN A
;; ANSWER SECTION:
www.apple.com. 187 IN CNAME www.apple.com.edgekey.net.
www.apple.com.edgekey.net. 20453 IN CNAME www.apple.com.edgekey.net.globalredir.akadns.net.
www.apple.com.edgekey.net.globalredir.akadns.net. 256 IN CNAME e6858.dscx.akamaiedge.net.
e6858.dscx.akamaiedge.net. 20 IN A 23.40.76.22
;; Query time: 44 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Tue Jun 25 09:39:48 SE Asia Standard Time 2024
;; MSG SIZE rcvd: 192
; <<>> DiG 9.16.28 <<>> www.apple.com @208.67.222.222
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 574
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1410
;; QUESTION SECTION:
;www.apple.com. IN A
;; ANSWER SECTION:
www.apple.com. 1747 IN CNAME www.apple.com.edgekey.net.
www.apple.com.edgekey.net. 5045 IN CNAME www.apple.com.edgekey.net.globalredir.akadns.net.
www.apple.com.edgekey.net.globalredir.akadns.net. 3600 IN CNAME e6858.dscx.akamaiedge.net.
e6858.dscx.akamaiedge.net. 20 IN A 171.236.60.223
;; Query time: 92 msec
;; SERVER: 208.67.222.222#53(208.67.222.222)
;; WHEN: Tue Jun 25 09:40:11 SE Asia Standard Time 2024
;; MSG SIZE rcvd: 192
; <<>> DiG 9.16.28 <<>> www.apple.com AAAA @2402:800:20ff:6666::1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43165
;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: c4c895ef48b0bd3601000000667a3140cac4d1f71f3ef79e (good)
;; QUESTION SECTION:
;www.apple.com. IN AAAA
;; ANSWER SECTION:
www.apple.com. 484 IN CNAME www.apple.com.edgekey.net.
www.apple.com.edgekey.net. 9152 IN CNAME www.apple.com.edgekey.net.globalredir.akadns.net.
www.apple.com.edgekey.net.globalredir.akadns.net. 280 IN CNAME e6858.dscx.akamaiedge.net.
e6858.dscx.akamaiedge.net. 82 IN AAAA 2402:800:6353:283::1aca
e6858.dscx.akamaiedge.net. 82 IN AAAA 2402:800:6353:28a::1aca
;; Query time: 12 msec
;; SERVER: 2402:800:20ff:6666::1#53(2402:800:20ff:6666::1)
;; WHEN: Tue Jun 25 09:53:53 SE Asia Standard Time 2024
;; MSG SIZE rcvd: 266
; <<>> DiG 9.16.28 <<>> www.apple.com AAAA @2001:4860:4860::8888
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61772
;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;www.apple.com. IN AAAA
;; ANSWER SECTION:
www.apple.com. 258 IN CNAME www.apple.com.edgekey.net.
www.apple.com.edgekey.net. 21429 IN CNAME www.apple.com.edgekey.net.globalredir.akadns.net.
www.apple.com.edgekey.net.globalredir.akadns.net. 3600 IN CNAME e6858.dscx.akamaiedge.net.
e6858.dscx.akamaiedge.net. 20 IN AAAA 2402:800:6353:282::1aca
e6858.dscx.akamaiedge.net. 20 IN AAAA 2402:800:6353:28a::1aca
;; Query time: 312 msec
;; SERVER: 2001:4860:4860::8888#53(2001:4860:4860::8888)
;; WHEN: Tue Jun 25 09:41:14 SE Asia Standard Time 2024
;; MSG SIZE rcvd: 232
; <<>> DiG 9.16.28 <<>> www.apple.com AAAA @2620:119:35::35
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33777
;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1410
;; QUESTION SECTION:
;www.apple.com. IN AAAA
;; ANSWER SECTION:
www.apple.com. 412 IN CNAME www.apple.com.edgekey.net.
www.apple.com.edgekey.net. 18415 IN CNAME www.apple.com.edgekey.net.globalredir.akadns.net.
www.apple.com.edgekey.net.globalredir.akadns.net. 3600 IN CNAME e6858.dscx.akamaiedge.net.
e6858.dscx.akamaiedge.net. 20 IN AAAA 2402:800:6353:282::1aca
e6858.dscx.akamaiedge.net. 20 IN AAAA 2402:800:6353:28a::1aca
;; Query time: 171 msec
;; SERVER: 2620:119:35::35#53(2620:119:35::35)
;; WHEN: Tue Jun 25 09:41:50 SE Asia Standard Time 2024
;; MSG SIZE rcvd: 232
Hopefully the NextDNS team will consider this idea. Thanks!
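Added example, not part of the original post: a small Python parser for dig captures like the ones above, which pulls the `client` and `smart-ecs` values from the nextdns.io CHAOS TXT records and checks them against the returned addresses. The sample input is constructed by trimming the first capture, and the function names are this example's own.

```python
import ipaddress
import re

# Constructed sample: trimmed from the first dig capture in the post.
SAMPLE = """\
;; QUESTION SECTION:
;www.apple.com. CH A
;; ANSWER SECTION:
www.apple.com. 1659 IN CNAME www.apple.com.edgekey.net.
e6858.dscx.akamaiedge.net. 14 IN A 23.33.120.214
;; ADDITIONAL SECTION:
client.nextdns.io. 0 CH TXT "171.249.18.201"
smart-ecs.nextdns.io. 0 CH TXT "23.40.76.0/24"
"""

# owner, TTL, class, type, rdata: the record lines dig prints
RR = re.compile(r"^(\S+)\s+(\d+)\s+(?:IN|CH)\s+(A|AAAA|TXT)\s+(.+)$")

def parse_dig(text):
    """Collect answer addresses and nextdns.io diagnostic TXT values."""
    addresses, diag = [], {}
    for line in text.splitlines():
        m = RR.match(line.strip())
        if not m:
            continue  # section header, question line, CNAME or blank
        name, _ttl, rtype, rdata = m.groups()
        if rtype == "TXT":
            if name.endswith(".nextdns.io."):
                diag[name.split(".")[0]] = rdata.strip('"')
        else:
            addresses.append(ipaddress.ip_address(rdata.strip()))
    return addresses, diag

def ecs_report(text):
    """Compare the reported client IP and answers with the reported ECS subnet."""
    addresses, diag = parse_dig(text)
    client = ipaddress.ip_address(diag["client"]) if "client" in diag else None
    ecs = ipaddress.ip_network(diag["smart-ecs"], strict=False) if "smart-ecs" in diag else None
    inside = lambda ip: ecs is not None and ip.version == ecs.version and ip in ecs
    both = client is not None and ecs is not None
    return {
        "client": str(client) if client is not None else None,
        "ecs_subnet": str(ecs) if ecs is not None else None,
        # None when the capture lacks either value (e.g. a non-NextDNS resolver)
        "client_in_ecs": inside(client) if both else None,
        "answers": [str(a) for a in addresses],
        "answers_in_ecs": [str(a) for a in addresses if inside(a)],
    }

if __name__ == "__main__":
    print(ecs_report(SAMPLE))
```

Captures from resolvers that return no nextdns.io TXT records still parse; the ECS fields are then reported as `None` and only the answer addresses are listed.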
13 replies
-
up vote
-
up vote
-
up vote
-
Up Vote
-
Up
-
Uppp!
-
Up vote!
-
up vote!
-
Up
-
NextDNS have the infrastructure and the contacts to make this a really easy change. Worth doing imo.
-
I up vote this
-
Very great idea