Got private IP address when resolve "home.sina.com" from China

[d20...@gmail.com]

Google public DNS returns 10.10.10.10, when I try to resolve "home.sina.com" from China.

https://dns.google.com/query?name=home.sina.com&type=A&dnssec=true&ecs=114.114.114.114

But OpenDNS works well with this domain.

dig home.sina.com. @208.67.222.222

; <<>> DiG 9.10.6 <<>> home.sina.com. @208.67.222.222

;; global options: +cmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3980

;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:

; EDNS: version: 0, flags:; udp: 4096

;; QUESTION SECTION:

;home.sina.com. IN A

;; ANSWER SECTION:

home.sina.com. 60 IN CNAME us.sina.cn.

us.sina.cn. 60 IN CNAME us.sina.com.

us.sina.com. 60 IN A 66.102.251.24

;; Query time: 627 msec

;; SERVER: 208.67.222.222#53(208.67.222.222)

;; WHEN: Tue Jun 18 12:43:50 CST 2019

;; MSG SIZE  rcvd: 99

Not only "home.sina.com", but also "sina.com.hk", "blog.sina.com.hk", "chinanews.sina.com" and more have this problem.

[Alex Dupuy]

I'm not sure how OpenDNS works with this domain, but I expect it is because they do not send EDNS Client Subnet (ECS) data to the sina.com/sina.com.cn name servers (OpenDNS will only send ECS to domains that have explicitly requested it by e-mail contact, while Google Public DNS autodetects ECS support).

The name servers for home.sina.com etc. are returning the bogus 10.10.10.10 address for ECS that geo-locates to China; this is probably intentional, and Google Public DNS will return their response.

$ dig +nocmd home.sina.com +subnet=58.217.249.0/24 @ns1.sina.com

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30553

;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 8, ADDITIONAL: 9

;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:

; EDNS: version: 0, flags:; udp: 4096

; CLIENT-SUBNET: 58.217.249.0/24/24

;; QUESTION SECTION:

;home.sina.com.                 IN      A

;; ANSWER SECTION:

home.sina.com.          60      IN      A       10.10.10.10

;; AUTHORITY SECTION:

sina.com.               86400   IN      NS      ns3.sina.com.cn.

sina.com.               86400   IN      NS      ns4.sina.com.cn.

sina.com.               86400   IN      NS      ns2.sina.com.

sina.com.               86400   IN      NS      ns1.sina.com.cn.

sina.com.               86400   IN      NS      ns1.sina.com.

sina.com.               86400   IN      NS      ns3.sina.com.

sina.com.               86400   IN      NS      ns4.sina.com.

sina.com.               86400   IN      NS      ns2.sina.com.cn.

;; ADDITIONAL SECTION:

ns1.sina.com.cn.        86400   IN      A       36.51.252.8

ns2.sina.com.cn.        86400   IN      A       180.149.138.199

ns3.sina.com.cn.        86400   IN      A       123.125.29.99

ns1.sina.com.           86400   IN      A       114.134.80.144

ns2.sina.com.           86400   IN      A       114.134.80.145

ns4.sina.com.cn.        86400   IN      A       121.14.1.22

ns3.sina.com.           86400   IN      A       180.149.138.199

ns4.sina.com.           86400   IN      A       123.125.29.99

;; Query time: 220 msec

;; SERVER: 114.134.80.144#53(114.134.80.144)

;; WHEN: Fri Jul 05 08:57:24 CDT 2019

;; MSG SIZE  rcvd: 352

Users in China are effectively being forced to use the alternate domain name sina.com.cn, which does resolve:

$ dig +nocmd home.sina.com.cn +subnet=114.114.114.114 @8.8.8.8

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44765

;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:

; EDNS: version: 0, flags:; udp: 512

; CLIENT-SUBNET: 114.114.114.114/32/24

;; QUESTION SECTION:

;home.sina.com.cn.              IN      A

;; ANSWER SECTION:

home.sina.com.cn.       59      IN      CNAME   spool.grid.sinaedge.com.

spool.grid.sinaedge.com. 59     IN      A       202.102.94.124

;; Query time: 515 msec

;; SERVER: 8.8.8.8#53(8.8.8.8)

;; WHEN: Fri Jul 05 08:58:29 CDT 2019

;; MSG SIZE  rcvd: 110