DNS-queries go to the wrong profile-ID. Bug in ECS/hostname/SNI?!
Background:
I have had one profile-ID since I started using DNS years ago. Let's call this profile-ID "aaaaaa".
A week ago I created a new profile since my old ID has leaked. Let's call this new profile-ID "bbbbbb".
I decided to keep my old profile "aaaaaa" to check that things was working OK and cleared the log to monitor for any "leaks".
Issue:
I see queries to my old profile "aaaaaa" even though I 100% changed it in all places on my router. I'm 100% sure "aaaaaa" is not used anywhere, so how can queries still reach "aaaaaa"??? It seems to jump between my old profile "aaaaaa" and "bbbbbb". Can see queries for hours in one profile and then it randomly switches to the other. It must be some technical DNS/NextDNS backend issues, since I erased all traces of "aaaaaa" on my side.
More info:
When I surf to "test.nextdns.io" my old profile sometimes is incorrectly shown on line 3. How is this even possible?!
{
"status": "ok",
"protocol": "DOQ",
"profile": "<my_old_profile_id_is_shown_here>",
"client": "xx.xx.xx.xx",
"srcIP": "xx.xx.xx.xx",
"destIP": "188.172.192.71",
"anycast": false,
"server": "anexia-cph-1",
"clientName": "unknown-doq",
"deviceName": "DK-ANX-DoQ",
"deviceID": "XXXXX"
}
A "ping.nextdns.io" looks normal:
■ anexia-cph 2 ms (anycast2, ultralow1)
zepto-cph 3 ms (anycast1, ultralow2)
anexia-osl 10 ms
zepto-sto 10 ms
anexia-sto 11 ms
zepto-osl 11 ms
zepto-prg 21 ms
anexia-prg 21 ms
zepto-waw 22 ms
zepto-ber 25 ms
The steering looks OK:
;; ANSWER SECTION:
dns1.nextdns.io. 600 IN CNAME dns1.steering.nextdns.io.
dns1.steering.nextdns.io. 600 IN A 188.172.192.71
dns2.nextdns.io. 600 IN CNAME dns2.steering.nextdns.io.
dns2.steering.nextdns.io. 600 IN A 38.175.117.129
It's the same issue for all protocols (DoT, DoQ and DoH3) showing up randomly in the old profile.
The hostname is configured like this: DK-ANX-DoQ-bbbbbb.dns.nextdns.io
One strange thing I noticed is that ECS is now almost revealing my whole original IP except the last digit and it used to be something generic. Also the subnet is shows as "/24/24" which looks incorrect.
dns1.steering.nextdns.io. 0s TXT "ecs: XX.XX.XX.0/24/24"
When I go to the admin-portal from a desktop client behind the router, it shows this when it is using the old profile. What mechanism decides the steering/routing to what profile since it seems randomly to ignore the "hostname/SNI"?! Must be something on "your side".
5 replies
-
With DoQ or DoT, SNI is used to get the profile id. The only thing that could override SNI is if you embed the profile id in the DNS query using EDNS0 CPEID.
The aaaaaa profile id has to be in the request you send somehow for our edge to associate it. There is 0 link between profiles from the point of view of our DNS edges, would they come from the same account or not.
Content aside
- yesterdayLast active
- 5Replies
- 173Views
-
3
Following