ECS being disregarded sometimes for Akamai domains
168 views
Skip to first unread message
Agneev Mukherjee
Jan 25, 2022, 9:11:33 AM1/25/22
to public-dns-discuss
Hello,
I have dnsmasq configured with a ECS subnet and I can verify that the data actually goes through.
```
~> kdig TXT o-o.myaddr.l.google.com +short @xxx
"74.125.178.133"
"edns0-client-subnet 150.107.179.0/24"
"74.125.178.133"
"edns0-client-subnet 150.107.179.0/24"
```
However, sometimes it returns IPs outside of ISP's Akamai cache:
```sh
# ECS miss
~> kdig @xxx iosapps.itunes.apple.com
;; ->>HEADER<<- opcode: QUERY; status: NOERROR; id: 43252
;; Flags: qr rd ra; QUERY: 1; ANSWER: 7; AUTHORITY: 0; ADDITIONAL: 0
;; QUESTION SECTION:
;; iosapps.itunes.apple.com. IN A
;; ANSWER SECTION:
iosapps.itunes.apple.com. 18 IN CNAME iosapps.itunes-apple.com.akadns.net.
iosapps.itunes-apple.com.akadns.net. 21 IN CNAME iosapps.itunes.g.aaplimg.com.
iosapps.itunes.g.aaplimg.com. 3 IN CNAME iosapps-in-lb.itunes-apple.com.akadns.net.
iosapps-in-lb.itunes-apple.com.akadns.net. 270 IN CNAME iosapps.itunes.apple.com.edgesuite.net.
iosapps.itunes.apple.com.edgesuite.net. 21584 IN CNAME a1212.dscda1.akamai.net.
a1212.dscda1.akamai.net. 11 IN A 23.198.4.56
a1212.dscda1.akamai.net. 11 IN A 23.198.4.51
;; Received 273 B
;; Time 2022-01-22 21:19:43 IST
;; From xxx@xxx in 40.8 ms
;; ->>HEADER<<- opcode: QUERY; status: NOERROR; id: 43252
;; Flags: qr rd ra; QUERY: 1; ANSWER: 7; AUTHORITY: 0; ADDITIONAL: 0
;; QUESTION SECTION:
;; iosapps.itunes.apple.com. IN A
;; ANSWER SECTION:
iosapps.itunes.apple.com. 18 IN CNAME iosapps.itunes-apple.com.akadns.net.
iosapps.itunes-apple.com.akadns.net. 21 IN CNAME iosapps.itunes.g.aaplimg.com.
iosapps.itunes.g.aaplimg.com. 3 IN CNAME iosapps-in-lb.itunes-apple.com.akadns.net.
iosapps-in-lb.itunes-apple.com.akadns.net. 270 IN CNAME iosapps.itunes.apple.com.edgesuite.net.
iosapps.itunes.apple.com.edgesuite.net. 21584 IN CNAME a1212.dscda1.akamai.net.
a1212.dscda1.akamai.net. 11 IN A 23.198.4.56
a1212.dscda1.akamai.net. 11 IN A 23.198.4.51
;; Received 273 B
;; Time 2022-01-22 21:19:43 IST
;; From xxx@xxx in 40.8 ms
```
```sh
# ECS hit
~> kdig @xxx iosapps.itunes.apple.com
;; ->>HEADER<<- opcode: QUERY; status: NOERROR; id: 58316
;; Flags: qr rd ra; QUERY: 1; ANSWER: 7; AUTHORITY: 0; ADDITIONAL: 0
;; QUESTION SECTION:
;; iosapps.itunes.apple.com. IN A
;; ANSWER SECTION:
iosapps.itunes.apple.com. 279 IN CNAME iosapps.itunes-apple.com.akadns.net.
iosapps.itunes-apple.com.akadns.net. 268 IN CNAME iosapps.itunes.g.aaplimg.com.
iosapps.itunes.g.aaplimg.com. 1 IN CNAME iosapps-in-lb.itunes-apple.com.akadns.net.
iosapps-in-lb.itunes-apple.com.akadns.net. 123 IN CNAME iosapps.itunes.apple.com.edgesuite.net.
iosapps.itunes.apple.com.edgesuite.net. 20786 IN CNAME a1212.dscda1.akamai.net.
a1212.dscda1.akamai.net. 9 IN A 203.171.247.234
a1212.dscda1.akamai.net. 9 IN A 203.171.247.225
;; Received 273 B
;; Time 2022-01-22 21:19:45 IST
;; From xxx@xxx in 44.4 ms
;; ->>HEADER<<- opcode: QUERY; status: NOERROR; id: 58316
;; Flags: qr rd ra; QUERY: 1; ANSWER: 7; AUTHORITY: 0; ADDITIONAL: 0
;; QUESTION SECTION:
;; iosapps.itunes.apple.com. IN A
;; ANSWER SECTION:
iosapps.itunes.apple.com. 279 IN CNAME iosapps.itunes-apple.com.akadns.net.
iosapps.itunes-apple.com.akadns.net. 268 IN CNAME iosapps.itunes.g.aaplimg.com.
iosapps.itunes.g.aaplimg.com. 1 IN CNAME iosapps-in-lb.itunes-apple.com.akadns.net.
iosapps-in-lb.itunes-apple.com.akadns.net. 123 IN CNAME iosapps.itunes.apple.com.edgesuite.net.
iosapps.itunes.apple.com.edgesuite.net. 20786 IN CNAME a1212.dscda1.akamai.net.
a1212.dscda1.akamai.net. 9 IN A 203.171.247.234
a1212.dscda1.akamai.net. 9 IN A 203.171.247.225
;; Received 273 B
;; Time 2022-01-22 21:19:45 IST
;; From xxx@xxx in 44.4 ms
```
pun...@google.com
Jan 25, 2022, 3:55:50 PM1/25/22
to public-dns-discuss
Can you file a ticket using https://b.corp.google.com/issues/new?component=191885&template=1213505?
Provide as much relevant detail as possible including where (metro) you are seeing the problem.
Reply all
Reply to author
Forward
0 new messages