
Need to optimize EDNS0 Client Subnet (ECS) with some large CDN services

Hi,

After using nextdns for a while with the ultralow server, I realized that the team should further optimize ECS with large CDN services.

For Akamai's CDN service, I found nextdns doesn't send ECS when querying for domains with Akamai's CNAME.

Some big companies like Apple, Let's Encrypt, etc. use Akamai CDN to deliver data, but nextdns doesn't send ECS. Meanwhile, for Wikipedia's domain name, which resolves to the same IP (without using a 3rd-party CDN service), nextdns sends ECS.

Should nextdns consider improving ECS, for example by sending ECS when the domain name has a CNAME of the CDN?

For example:

Client: nextdns-cli

Country: Vietnam

ISP: Viettel

* Domain `www.apple.com`

- With nextdns

odroid@odroid:~$ dig www.apple.com CHAOS
;; Warning: Message parser reports malformed message packet.

; <<>> DiG 9.16.1-Ubuntu <<>> www.apple.com CHAOS
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35036
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 7
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;www.apple.com.            CH    A

;; ANSWER SECTION:
www.apple.com.        5    IN    CNAME    www.apple.com.edgekey.net.
www.apple.com.edgekey.net. 5    IN    CNAME    www.apple.com.edgekey.net.globalredir.akadns.net.
www.apple.com.edgekey.net.globalredir.akadns.net. 5 IN CNAME e6858.dscx.akamaiedge.net.
e6858.dscx.akamaiedge.net. 5    IN    A    23.56.21.204
;; ADDITIONAL SECTION:
proto.nextdns.io.    0    CH    TXT    "DOH"
server.nextdns.io.    0    CH    TXT    "greencloud-han-1"
profile.nextdns.io.    0    CH    TXT    "fp9bcd6aeabd69c3f1"
client.nextdns.io.    0    CH    TXT    "171.245.214.***"
client-name.nextdns.io.    0    CH    TXT    "nextdns-cli"
smart-ecs.nextdns.io.    0    CH    TXT    "not sent"
;; Query time: 80 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Fri Sep 09 10:58:34 +07 2022
;; MSG SIZE  rcvd: 401

- With Google DNS

odroid@odroid:~$ dig www.apple.com @8.8.8.8
; <<>> DiG 9.16.1-Ubuntu <<>> www.apple.com @8.8.8.8
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12759
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;www.apple.com.            IN    A
;; ANSWER SECTION:
www.apple.com.        1783    IN    CNAME    www.apple.com.edgekey.net.
www.apple.com.edgekey.net. 21560 IN    CNAME    www.apple.com.edgekey.net.globalredir.akadns.net.
www.apple.com.edgekey.net.globalredir.akadns.net. 3516 IN CNAME    e6858.dscx.akamaiedge.net.
e6858.dscx.akamaiedge.net. 15    IN    A    104.93.16.212
;; Query time: 32 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Fri Sep 09 11:00:25 +07 2022
;; MSG SIZE  rcvd: 192

- With DNS ISP Viettel

odroid@odroid:~$ dig www.apple.com @203.113.188.1
; <<>> DiG 9.16.1-Ubuntu <<>> www.apple.com @203.113.188.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46103
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: d61f648323b836c801000000631abaafcb58044b25c10b52 (good)
;; QUESTION SECTION:
;www.apple.com.            IN    A
;; ANSWER SECTION:
www.apple.com.        100    IN    CNAME    www.apple.com.edgekey.net.
www.apple.com.edgekey.net. 17955 IN    CNAME    www.apple.com.edgekey.net.globalredir.akadns.net.
www.apple.com.edgekey.net.globalredir.akadns.net. 901 IN CNAME e6858.dscx.akamaiedge.net.
e6858.dscx.akamaiedge.net. 80    IN    A    171.236.60.223
;; Query time: 4 msec
;; SERVER: 203.113.188.1#53(203.113.188.1)
;; WHEN: Fri Sep 09 11:01:51 +07 2022
;; MSG SIZE  rcvd: 226
{ "ipAddress": "171.236.60.223", "continentCode": "AS", "continentName": "Asia", "countryCode": "VN", "countryName": "Vietnam", "isEuMember": false, "currencyCode": "VND", "currencyName": "Dong", "phonePrefix": "84", "languages": [ "vi", "en", "fr", "zh", "km" ], "stateProvCode": "HN", "stateProv": "Hanoi", "district": "Hoan Kiem", "city": "Hanoi", "geonameId": 1581130, "latitude": 21.0278, "longitude": 105.834, "gmtOffset": 7, "timeZone": "Asia/Bangkok", "weatherCode": "VMXX0006", "asNumber": 7552, "asName": "VIETEL-AS-AP", "isp": "Viettel Corporation", "linkType": "dsl", "usageType": "consumer", "organization": "Vietel", "isCrawler": false, "isProxy": false, "threatLevel": "low" }

 

* Domain `e1.o.lencr.org`

odroid@odroid:~$ dig e1.o.lencr.org CHAOS
;; Warning: Message parser reports malformed message packet.
; <<>> DiG 9.16.1-Ubuntu <<>> e1.o.lencr.org CHAOS
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13569
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 7
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;e1.o.lencr.org.            CH    A
;; ANSWER SECTION:
e1.o.lencr.org.        5    IN    CNAME    o.lencr.edgesuite.net.
o.lencr.edgesuite.net.    5    IN    CNAME    a1887.dscq.akamai.net.
a1887.dscq.akamai.net.    5    IN    A    23.74.15.72
a1887.dscq.akamai.net.    5    IN    A    23.74.15.131
;; ADDITIONAL SECTION:
proto.nextdns.io.    0    CH    TXT    "DOH"
server.nextdns.io.    0    CH    TXT    "greencloud-han-1"
profile.nextdns.io.    0    CH    TXT    "fp9bcd6aeabd69c3f1"
client.nextdns.io.    0    CH    TXT    "171.245.214.***"
client-name.nextdns.io.    0    CH    TXT    "nextdns-cli"
smart-ecs.nextdns.io.    0    CH    TXT    "not sent"
;; Query time: 80 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Fri Sep 09 11:10:36 +07 2022
;; MSG SIZE  rcvd: 351

- With Google DNS

odroid@odroid:~$ dig e1.o.lencr.org @8.8.8.8
; <<>> DiG 9.16.1-Ubuntu <<>> e1.o.lencr.org @8.8.8.8
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19241
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;e1.o.lencr.org.            IN    A
;; ANSWER SECTION:
e1.o.lencr.org.        120    IN    CNAME    o.lencr.edgesuite.net.
o.lencr.edgesuite.net.    1700    IN    CNAME    a1887.dscq.akamai.net.
a1887.dscq.akamai.net.    20    IN    A    125.234.51.9
a1887.dscq.akamai.net.    20    IN    A    125.234.51.8
;; Query time: 52 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Fri Sep 09 11:11:55 +07 2022
;; MSG SIZE  rcvd: 142

- With DNS ISP Viettel

odroid@odroid:~$ dig e1.o.lencr.org @203.113.188.1
; <<>> DiG 9.16.1-Ubuntu <<>> e1.o.lencr.org @203.113.188.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24517
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: e7da11ad4928b44c01000000631abd53880bfc89cfcd4936 (good)
;; QUESTION SECTION:
;e1.o.lencr.org.            IN    A
;; ANSWER SECTION:
e1.o.lencr.org.        97    IN    CNAME    o.lencr.edgesuite.net.
o.lencr.edgesuite.net.    19789    IN    CNAME    a1887.dscq.akamai.net.
a1887.dscq.akamai.net.    25    IN    A    125.234.51.9
a1887.dscq.akamai.net.    25    IN    A    125.234.51.19
;; Query time: 4 msec
;; SERVER: 203.113.188.1#53(203.113.188.1)
;; WHEN: Fri Sep 09 11:13:07 +07 2022
;; MSG SIZE  rcvd: 173
{ "ipAddress": "125.234.51.9", "continentCode": "AS", "continentName": "Asia", "countryCode": "VN", "countryName": "Vietnam", "isEuMember": false, "currencyCode": "VND", "currencyName": "Dong", "phonePrefix": "84", "languages": [ "vi", "en", "fr", "zh", "km" ], "stateProvCode": "HN", "stateProv": "Hanoi", "district": "Hoan Kiem", "city": "Hanoi", "geonameId": 1581130, "latitude": 21.0278, "longitude": 105.834, "gmtOffset": 7, "timeZone": "Asia/Bangkok", "weatherCode": "VMXX0006", "asNumber": 7552, "asName": "VIETEL-AS-AP", "isp": "Viettel Corporation", "linkType": "dsl", "usageType": "consumer", "organization": "xDSL Services", "isCrawler": false, "isProxy": false, "threatLevel": "low" }

* Domain `vi.wikipedia.org`

odroid@odroid:~$ dig vi.wikipedia.org CHAOS
;; Warning: Message parser reports malformed message packet.
; <<>> DiG 9.16.1-Ubuntu <<>> vi.wikipedia.org CHAOS
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28900
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 7
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;vi.wikipedia.org.        CH    A
;; ANSWER SECTION:
vi.wikipedia.org.    5    IN    CNAME    dyna.wikimedia.org.
dyna.wikimedia.org.    5    IN    A    103.102.166.224
;; ADDITIONAL SECTION:
server.nextdns.io.    0    CH    TXT    "greencloud-han-1"
profile.nextdns.io.    0    CH    TXT    "fp9bcd6aeabd69c3f1"
proto.nextdns.io.    0    CH    TXT    "DOH"
client.nextdns.io.    0    CH    TXT    "171.245.214.***"
client-name.nextdns.io.    0    CH    TXT    "nextdns-cli"
smart-ecs.nextdns.io.    0    CH    TXT    "23.40.76.0/24"
;; Query time: 536 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Fri Sep 09 11:58:23 +07 2022
;; MSG SIZE  rcvd: 304

- With Google DNS

odroid@odroid:~$ dig vi.wikipedia.org @8.8.8.8
; <<>> DiG 9.16.1-Ubuntu <<>> vi.wikipedia.org @8.8.8.8
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24082
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;vi.wikipedia.org.        IN    A
;; ANSWER SECTION:
vi.wikipedia.org.    19800    IN    CNAME    dyna.wikimedia.org.
dyna.wikimedia.org.    501    IN    A    103.102.166.224
;; Query time: 36 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Fri Sep 09 11:58:33 +07 2022
;; MSG SIZE  rcvd: 90

- With ISP DNS Viettel

odroid@odroid:~$ dig vi.wikipedia.org @203.113.188.1
; <<>> DiG 9.16.1-Ubuntu <<>> vi.wikipedia.org @203.113.188.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32811
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: 37b024624b5417f401000000631ac801ff05c8d436530fa0 (good)
;; QUESTION SECTION:
;vi.wikipedia.org.        IN    A
;; ANSWER SECTION:
vi.wikipedia.org.    39727    IN    CNAME    dyna.wikimedia.org.
dyna.wikimedia.org.    309    IN    A    103.102.166.224
;; Query time: 4 msec
;; SERVER: 203.113.188.1#53(203.113.188.1)
;; WHEN: Fri Sep 09 11:58:41 +07 2022
;; MSG SIZE  rcvd: 121
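
The comparison made by hand in the post above can be automated. The following is an added example, not part of the original post and not NextDNS code: it parses `dig ... CHAOS` output, follows the CNAME chain, and flags answers that land on an Akamai name while `smart-ecs.nextdns.io` reports `not sent`. The suffix list and the verdict names are assumptions of this example; the sample inputs are abridged from the outputs quoted above.

```python
import re

# Akamai-operated suffixes; every one appears in a CNAME chain quoted in this thread.
AKAMAI_SUFFIXES = ("edgekey.net", "akadns.net", "akamaiedge.net",
                   "edgesuite.net", "akamai.net", "akamaized.net")

# One resource record as dig prints it: owner, TTL, class, type, rdata.
RR = re.compile(r"^(\S+)\s+(\d+)\s+(IN|CH)\s+(CNAME|A|AAAA|TXT)\s+(.+)$")


def parse_dig(text):
    """Extract the question name, CNAME targets and nextdns.io debug TXT values."""
    out = {"qname": None, "cnames": [], "debug": {}}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith(";;") and line.endswith("SECTION:"):
            section = line[2:].split()[0]  # QUESTION, ANSWER, ADDITIONAL, OPT
            continue
        if section == "QUESTION" and line.startswith(";") and not line.startswith(";;"):
            out["qname"] = line[1:].split()[0].rstrip(".").lower()
            continue
        m = RR.match(line)
        if not m:
            continue
        owner, _ttl, _cls, rtype, rdata = m.groups()
        owner = owner.rstrip(".").lower()
        if section == "ANSWER" and rtype == "CNAME":
            out["cnames"].append(rdata.strip().rstrip(".").lower())
        elif section == "ADDITIONAL" and rtype == "TXT" and owner.endswith(".nextdns.io"):
            out["debug"][owner.split(".")[0]] = rdata.strip().strip('"')
    return out


def is_akamai(name):
    return any(name == s or name.endswith("." + s) for s in AKAMAI_SUFFIXES)


def audit(text):
    """Flag answers whose CNAME chain lands on Akamai while smart-ecs says 'not sent'."""
    rec = parse_dig(text)
    ecs = rec["debug"].get("smart-ecs")
    on_cdn = any(is_akamai(c) for c in rec["cnames"])
    if ecs is None:
        verdict = "no-nextdns-debug"       # answer did not come from NextDNS
    elif on_cdn and ecs == "not sent":
        verdict = "cdn-cname-without-ecs"  # the case reported in this thread
    else:
        verdict = "ok"
    return {"qname": rec["qname"], "akamai": on_cdn, "ecs": ecs, "verdict": verdict}


# Sample inputs, abridged from the dig output quoted in the post.
APPLE = """\
;; QUESTION SECTION:
;www.apple.com.            CH    A
;; ANSWER SECTION:
www.apple.com.        5    IN    CNAME    www.apple.com.edgekey.net.
www.apple.com.edgekey.net.globalredir.akadns.net. 5 IN CNAME e6858.dscx.akamaiedge.net.
e6858.dscx.akamaiedge.net. 5    IN    A    23.56.21.204
;; ADDITIONAL SECTION:
smart-ecs.nextdns.io.    0    CH    TXT    "not sent"
"""
WIKI = """\
;; QUESTION SECTION:
;vi.wikipedia.org.        CH    A
;; ANSWER SECTION:
vi.wikipedia.org.    5    IN    CNAME    dyna.wikimedia.org.
dyna.wikimedia.org.    5    IN    A    103.102.166.224
;; ADDITIONAL SECTION:
smart-ecs.nextdns.io.    0    CH    TXT    "23.40.76.0/24"
"""

if __name__ == "__main__":
    for sample in (APPLE, WIKI):
        print(audit(sample))
```
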

4 replies

    • Indigo_Bird
    • 1 yr ago

    can you test it with adguard dns?

      • BigDargon
      • 1 yr ago

      miixms Adguard DNS has no ECS, so the CDN server IP address that is resolved depends on the country in which Adguard DNS is located

      odroid@odroid:~$ dig www.apple.com @94.140.14.14
      ; <<>> DiG 9.16.1-Ubuntu <<>> www.apple.com @94.140.14.14
      ;; global options: +cmd
      ;; Got answer:
      ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26209
      ;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1
      ;; OPT PSEUDOSECTION:
      ; EDNS: version: 0, flags:; udp: 4096
      ;; QUESTION SECTION:
      ;www.apple.com.            IN    A
      ;; ANSWER SECTION:
      www.apple.com.        33    IN    CNAME    www.apple.com.edgekey.net.
      www.apple.com.edgekey.net. 33    IN    CNAME    www.apple.com.edgekey.net.globalredir.akadns.net.
      www.apple.com.edgekey.net.globalredir.akadns.net. 33 IN    CNAME e6858.dscx.akamaiedge.net.
      e6858.dscx.akamaiedge.net. 33    IN    A    104.83.196.219
      ;; Query time: 52 msec
      ;; SERVER: 94.140.14.14#53(94.140.14.14)
      ;; WHEN: Fri Sep 09 15:39:24 +07 2022
      ;; MSG SIZE  rcvd: 192
      
      odroid@odroid:~$ dig e1.o.lencr.org @94.140.14.14
      ; <<>> DiG 9.16.1-Ubuntu <<>> e1.o.lencr.org @94.140.14.14
      ;; global options: +cmd
      ;; Got answer:
      ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 58427
      ;; flags: qr rd ra; QUERY: 1, ANSWER: 11, AUTHORITY: 0, ADDITIONAL: 1
      ;; OPT PSEUDOSECTION:
      ; EDNS: version: 0, flags:; udp: 4096
      ;; QUESTION SECTION:
      ;e1.o.lencr.org.            IN    A
      ;; ANSWER SECTION:
      e1.o.lencr.org.        58    IN    CNAME    o.lencr.edgesuite.net.
      o.lencr.edgesuite.net.    15528    IN    CNAME    a1887.dscq.akamai.net.
      a1887.dscq.akamai.net.    60    IN    A    23.49.60.186
      a1887.dscq.akamai.net.    60    IN    A    23.49.60.191
      a1887.dscq.akamai.net.    60    IN    A    23.49.60.162
      a1887.dscq.akamai.net.    60    IN    A    23.49.60.161
      a1887.dscq.akamai.net.    60    IN    A    23.49.60.192
      a1887.dscq.akamai.net.    60    IN    A    23.49.60.167
      a1887.dscq.akamai.net.    60    IN    A    23.49.60.177
      a1887.dscq.akamai.net.    60    IN    A    23.49.60.160
      a1887.dscq.akamai.net.    60    IN    A    23.49.60.170
      ;; Query time: 144 msec
      ;; SERVER: 94.140.14.14#53(94.140.14.14)
      ;; WHEN: Fri Sep 09 15:39:47 +07 2022
      ;; MSG SIZE  rcvd: 254
      
      odroid@odroid:~$ dig vi.wikipedia.org @94.140.14.14
      ; <<>> DiG 9.16.1-Ubuntu <<>> vi.wikipedia.org @94.140.14.14
      ;; global options: +cmd
      ;; Got answer:
      ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38242
      ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
      ;; OPT PSEUDOSECTION:
      ; EDNS: version: 0, flags:; udp: 4096
      ;; QUESTION SECTION:
      ;vi.wikipedia.org.        IN    A
      ;; ANSWER SECTION:
      vi.wikipedia.org.    86337    IN    CNAME    dyna.wikimedia.org.
      dyna.wikimedia.org.    537    IN    A    103.102.166.224
      ;; Query time: 40 msec
      ;; SERVER: 94.140.14.14#53(94.140.14.14)
      ;; WHEN: Fri Sep 09 15:40:06 +07 2022
      ;; MSG SIZE  rcvd: 90
      
    • BigDargon
    • 1 yr ago

    Previously, I had checked 3 carriers in Vietnam (Viettel, VNPT and FPT) with Google DNS by sending ECS. As a result, all carriers have Akamai's servers.

    I think nextdns needs to improve more domains with CNAMEs of some big CDNs to optimize/prioritize connections in the server country!

    Previous tests with the remaining 2 carriers. Since carriers block DNS queries that aren't on the same carrier, I use Google DNS and send subnets.

    - VNPT

    ; <<>> DiG 9.11.3-1ubuntu1.13-Ubuntu <<>> www.apple.com @8.8.8.8 +subnet=113.160.0.0/24
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27574
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1
    
    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 512
    ; CLIENT-SUBNET: 113.160.0.0/24/20
    ;; QUESTION SECTION:
    ;www.apple.com.                 IN      A
    
    ;; ANSWER SECTION:
    www.apple.com.          1067    IN      CNAME   www.apple.com.edgekey.net.
    www.apple.com.edgekey.net. 9161 IN      CNAME   www.apple.com.edgekey.net.globalredir.akadns.net.
    www.apple.com.edgekey.net.globalredir.akadns.net. 3442 IN CNAME e6858.dsce9.akamaiedge.net.
    e6858.dsce9.akamaiedge.net. 19  IN      A       23.53.209.60
    
    ;; Query time: 37 msec
    ;; SERVER: 8.8.8.8#53(8.8.8.8)
    ;; WHEN: Fri Nov 27 14:03:21 +07 2020
    ;; MSG SIZE  rcvd: 204
    
    { "ipAddress": "23.53.209.60", "continentCode": "AS", "continentName": "Asia", "countryCode": "VN", "countryName": "Vietnam", "isEuMember": false, "currencyCode": "VND", "currencyName": "Dong", "phonePrefix": "84", "languages": [ "vi", "en", "fr", "zh", "km" ], "stateProvCode": "HN", "stateProv": "Hanoi", "district": "Hoan Kiem", "city": "Hanoi", "geonameId": 1581130, "latitude": 21.0278, "longitude": 105.834, "gmtOffset": 7, "timeZone": "Asia/Bangkok", "weatherCode": "VMXX0006", "asNumber": 45899, "asName": "VNPT-AS-VN", "isp": "VNPT Corp", "usageType": "hosting", "organization": "Akamai Technologies, Inc.", "isCrawler": false, "isProxy": false, "threatLevel": "low" }
    

    - FPT

    ; <<>> DiG 9.11.3-1ubuntu1.13-Ubuntu <<>> www.apple.com @8.8.8.8 +subnet=1.52.0.0/24
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18095
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1
    
    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 512
    ; CLIENT-SUBNET: 1.52.0.0/24/20
    ;; QUESTION SECTION:
    ;www.apple.com.                 IN      A
    
    ;; ANSWER SECTION:
    www.apple.com.          320     IN      CNAME   www.apple.com.edgekey.net.
    www.apple.com.edgekey.net. 5533 IN      CNAME   www.apple.com.edgekey.net.globalredir.akadns.net.
    www.apple.com.edgekey.net.globalredir.akadns.net. 2825 IN CNAME e6858.dsce9.akamaiedge.net.
    e6858.dsce9.akamaiedge.net. 19  IN      A       118.68.81.235
    
    ;; Query time: 31 msec
    ;; SERVER: 8.8.8.8#53(8.8.8.8)
    ;; WHEN: Fri Nov 27 14:05:11 +07 2020
    ;; MSG SIZE  rcvd: 204
    
    { "ipAddress": "118.68.81.235", "continentCode": "AS", "continentName": "Asia", "countryCode": "VN", "countryName": "Vietnam", "isEuMember": false, "currencyCode": "VND", "currencyName": "Dong", "phonePrefix": "84", "languages": [ "vi", "en", "fr", "zh", "km" ], "stateProvCode": "HN", "stateProv": "Hanoi", "district": "Hoan Kiem", "city": "Hanoi", "geonameId": 1581130, "latitude": 21.0278, "longitude": 105.834, "gmtOffset": 7, "timeZone": "Asia/Bangkok", "weatherCode": "VMXX0006", "asNumber": 18403, "asName": "FPT-AS-AP", "isp": "Vietnam Internet Network Information Center", "usageType": "corporate", "organization": "FPT Telecom Company", "isCrawler": false, "isProxy": false, "threatLevel": "low" }
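
The `CLIENT-SUBNET: 113.160.0.0/24/20` lines in the outputs above are dig's rendering of the ECS option as address / source prefix / scope prefix. The following is an added example, not part of the thread: it encodes and decodes that option in the RFC 7871 wire layout and computes which client addresses a caching resolver may serve the answer to. The function names are this example's own, and the option bytes in the comments are constructed from the values dig printed.

```python
import ipaddress
import struct

ECS_OPTION_CODE = 8  # EDNS0 option code for Client Subnet (RFC 7871)


def encode_ecs(subnet, scope=0):
    """Build the ECS option for a query; scope must be 0 when a client sends it."""
    net = ipaddress.ip_network(subnet, strict=True)
    family = 1 if net.version == 4 else 2
    # Only the bytes covered by the source prefix go on the wire (privacy truncation).
    addr = net.network_address.packed[:(net.prefixlen + 7) // 8]
    data = struct.pack("!HBB", family, net.prefixlen, scope) + addr
    return struct.pack("!HH", ECS_OPTION_CODE, len(data)) + data


def decode_ecs(option):
    """Parse and validate an ECS option; returns (source network, scope prefix length)."""
    if len(option) < 8:
        raise ValueError("option too short")
    code, length = struct.unpack("!HH", option[:4])
    if code != ECS_OPTION_CODE or length != len(option) - 4:
        raise ValueError("not a well-formed ECS option")
    family, source, scope = struct.unpack("!HBB", option[4:8])
    size = {1: 4, 2: 16}.get(family)
    addr = option[8:]
    if size is None or source > size * 8 or len(addr) != (source + 7) // 8:
        raise ValueError("bad family or address length")
    ip = ipaddress.ip_address(addr + bytes(size - len(addr)))
    net = ipaddress.ip_network((ip, source), strict=False)
    if net.network_address != ip:
        raise ValueError("non-zero bits beyond source prefix")
    return net, scope


def cache_network(net, scope):
    """Addresses a resolver may reuse the answer for: min(scope, source) bits of the address."""
    bits = min(scope, net.prefixlen)
    return ipaddress.ip_network((net.network_address, bits), strict=False)


if __name__ == "__main__":
    query = encode_ecs("113.160.0.0/24")             # what +subnet=113.160.0.0/24 sends
    reply = bytes.fromhex("000800070001181471a000")  # constructed: same option, scope 20
    net, scope = decode_ecs(reply)
    print(query.hex(), net, scope, cache_network(net, scope))
```
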
    
    • BigDargon
    • 1 yr ago

    Recently, I checked again: the NextDNS devs have been listening and are optimizing ECS with large CDN services. I randomly checked the new domains www.tiktok.com & cf.shopee.vn, which also use Akamai's service. The result was amazing: NextDNS sent ECS with Akamai's service CNAME.

    Although NextDNS sent ECS, it seems that Akamai's authority server did not send that carrier's server IP. I'm using ISP Viettel, but when I send ECS, the Akamai server's return address is at ISP VNPT (the anexia-han server is renting VNPT's network infrastructure).

    Anyway, this optimizes NextDNS's anonymous ECS feature. Thank you!

    - Domain www.apple.com

    ; <<>> DiG 9.16.33-Debian <<>> www.apple.com CHAOS
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48628
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 7
    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 1232
    ;; QUESTION SECTION:
    ;www.apple.com.                 CH      A
    ;; ANSWER SECTION:
    www.apple.com.          5       IN      CNAME   www.apple.com.edgekey.net.
    www.apple.com.edgekey.net. 5    IN      CNAME   www.apple.com.edgekey.net.globalredir.akadns.net.
    www.apple.com.edgekey.net.globalredir.akadns.net. 5 IN CNAME e6858.dscx.akamaiedge.net.
    e6858.dscx.akamaiedge.net. 5    IN      A       113.171.18.77
    ;; ADDITIONAL SECTION:
    client.nextdns.io.      0       CH      TXT     "171.245.222.142"
    server.nextdns.io.      0       CH      TXT     "anexia-han-1"
    profile.nextdns.io.     0       CH      TXT     "fp9bcd6aeabd69c3f1"
    client-name.nextdns.io. 0       CH      TXT     "nextdns-cli"
    proto.nextdns.io.       0       CH      TXT     "DOH"
    smart-ecs.nextdns.io.   0       CH      TXT     "23.40.76.0/24"
    ;; Query time: 28 msec
    ;; SERVER: 127.0.0.1#53(127.0.0.1)
    ;; WHEN: Tue Nov 22 22:25:22 +07 2022
    ;; MSG SIZE  rcvd: 402

    - Domain e1.o.lencr.org

    ; <<>> DiG 9.16.33-Debian <<>> e1.o.lencr.org CHAOS
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38124
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 7
    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 1232
    ;; QUESTION SECTION:
    ;e1.o.lencr.org.                        CH      A
    ;; ANSWER SECTION:
    e1.o.lencr.org.         5       IN      CNAME   o.lencr.edgesuite.net.
    o.lencr.edgesuite.net.  5       IN      CNAME   a1887.dscq.akamai.net.
    a1887.dscq.akamai.net.  5       IN      A       113.171.12.10
    a1887.dscq.akamai.net.  5       IN      A       113.171.12.96
    ;; ADDITIONAL SECTION:
    client-name.nextdns.io. 0       CH      TXT     "nextdns-cli"
    proto.nextdns.io.       0       CH      TXT     "DOH"
    server.nextdns.io.      0       CH      TXT     "anexia-han-1"
    profile.nextdns.io.     0       CH      TXT     "fp9bcd6aeabd69c3f1"
    client.nextdns.io.      0       CH      TXT     "171.245.222.142"
    smart-ecs.nextdns.io.   0       CH      TXT     "23.40.76.0/24"
    ;; Query time: 128 msec
    ;; SERVER: 127.0.0.1#53(127.0.0.1)
    ;; WHEN: Tue Nov 22 22:25:46 +07 2022
    ;; MSG SIZE  rcvd: 352

    - Domain www.tiktok.com

    ; <<>> DiG 9.16.33-Debian <<>> www.tiktok.com CHAOS
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25942
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 11, AUTHORITY: 0, ADDITIONAL: 7
    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 1232
    ;; QUESTION SECTION:
    ;www.tiktok.com.                        CH      A
    ;; ANSWER SECTION:
    www.tiktok.com.         5       IN      CNAME   www.tiktok.com.edgesuite.net.
    www.tiktok.com.edgesuite.net. 5 IN      CNAME   a2047.r.akamai.net.
    a2047.r.akamai.net.     5       IN      A       113.171.12.131
    a2047.r.akamai.net.     5       IN      A       113.171.12.123
    a2047.r.akamai.net.     5       IN      A       113.171.12.9
    a2047.r.akamai.net.     5       IN      A       113.171.12.130
    a2047.r.akamai.net.     5       IN      A       113.171.12.8
    a2047.r.akamai.net.     5       IN      A       113.171.12.122
    a2047.r.akamai.net.     5       IN      A       113.171.12.128
    a2047.r.akamai.net.     5       IN      A       113.171.12.129
    a2047.r.akamai.net.     5       IN      A       113.171.12.121
    ;; ADDITIONAL SECTION:
    proto.nextdns.io.       0       CH      TXT     "DOH"
    client.nextdns.io.      0       CH      TXT     "171.245.222.142"
    server.nextdns.io.      0       CH      TXT     "anexia-han-1"
    profile.nextdns.io.     0       CH      TXT     "fp9bcd6aeabd69c3f1"
    client-name.nextdns.io. 0       CH      TXT     "nextdns-cli"
    smart-ecs.nextdns.io.   0       CH      TXT     "23.40.76.0/24"
    ;; Query time: 160 msec
    ;; SERVER: 127.0.0.1#53(127.0.0.1)
    ;; WHEN: Tue Nov 22 22:25:54 +07 2022
    ;; MSG SIZE  rcvd: 468

    - Domain cf.shopee.vn

    ; <<>> DiG 9.16.33-Debian <<>> cf.shopee.vn CHAOS
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 827
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 7
    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 1232
    ;; QUESTION SECTION:
    ;cf.shopee.vn.                  CH      A
    ;; ANSWER SECTION:
    cf.shopee.vn.           5       IN      CNAME   cf.shopee.vn.akamaized.net.
    cf.shopee.vn.akamaized.net. 5   IN      CNAME   a1958.w16.akamai.net.
    a1958.w16.akamai.net.   5       IN      A       23.45.127.193
    a1958.w16.akamai.net.   5       IN      A       23.45.127.177
    ;; ADDITIONAL SECTION:
    proto.nextdns.io.       0       CH      TXT     "DOH"
    profile.nextdns.io.     0       CH      TXT     "fp9bcd6aeabd69c3f1"
    client-name.nextdns.io. 0       CH      TXT     "nextdns-cli"
    server.nextdns.io.      0       CH      TXT     "greencloud-han-1"
    client.nextdns.io.      0       CH      TXT     "171.245.222.142"
    smart-ecs.nextdns.io.   0       CH      TXT     "23.40.76.0/24"
    ;; Query time: 139 msec
    ;; SERVER: 127.0.0.1#53(127.0.0.1)
    ;; WHEN: Tue Nov 22 22:58:46 +07 2022
    ;; MSG SIZE  rcvd: 358
    
