I have some public DNS questions about ECS implementation.
: For Chinese IPs, you can directly parse the IP. For non-Chinese IPs, CNAME to another domain name.
Both domain names support different resolutions in different regions. The only difference is that www.a.shifen.com for non-Chinese IPs is a CNAME to another domain name. But when I parse through 220.127.116.11 recursion, whether ECS is added or not, xiaodu.a.shifen.com can be parsed correctly, but www.a.shifen.com shows unexpected parsing.
Another different analysis (this is unexpected due to the direct proxy ECS option in the request):
The performance of 18.104.22.168 without an ECS request will also appear in both cases:
dig @22.214.171.124 www.a.shifen.com
; <<>> DiG 9.16.8 <<>> @126.96.36.199 www.a.shifen.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52049
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;www.a.shifen.com. IN A
;; ANSWER SECTION:
www.a.shifen.com. 300 IN A 188.8.131.52
www.a.shifen.com. 300 IN A 184.108.40.206
;; Query time: 150 msec
;; SERVER: 220.127.116.11#53(18.104.22.168)
;; WHEN: Mon Mar 14 15:39:04 CST 2022
;; MSG SIZE rcvd: 77
All the above requests are made on the same device at the same time. Because my export IP is in mainland China, the response with CNAME is unanticipated. It should be noted here that the authority of a.shifen.com supports IPv4 and IPv6 ECS. The authority of wshifen.com supports IPv4 ECS.
It seems strange that if my domain name does not have a CNAME in any ACL match, but directly returns the resolved IP according to the different request IP, then the response is as expected, like the domain xiaodu.a.shifen.com.
Could you please explain the reason for this situation and how to realize it? If I want to support CNAME, how can I modify it?
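
To make the two requests being compared concrete, here is an added example (not part of the original post) that builds the A query for www.a.shifen.com with and without an EDNS Client Subnet option as defined in RFC 7871, then reads the option back. The function names and the sample subnet are assumptions chosen for illustration.

```python
import ipaddress
import struct

ECS_OPTION_CODE = 8  # EDNS Client Subnet, RFC 7871
SAMPLE_SUBNET = "203.0.113.77/24"  # constructed (documentation range), not from the post

def encode_name(name):
    """Encode a domain name as length-prefixed labels ending in a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"

def ecs_option(subnet):
    """Encode an ECS option; host bits are zeroed and only prefix bytes are sent."""
    net = ipaddress.ip_network(subnet, strict=False)
    family = 1 if net.version == 4 else 2
    nbytes = (net.prefixlen + 7) // 8
    addr = net.network_address.packed[:nbytes]
    body = struct.pack("!HBB", family, net.prefixlen, 0) + addr  # scope is 0 in queries
    return struct.pack("!HH", ECS_OPTION_CODE, len(body)) + body

def build_query(name, qid, subnet=None, udp_size=512):
    """Build an A query with an OPT record, optionally carrying ECS."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 1)  # RD set, 1 question, 1 additional
    question = encode_name(name) + struct.pack("!HH", 1, 1)   # QTYPE A, QCLASS IN
    rdata = ecs_option(subnet) if subnet else b""
    opt = b"\x00" + struct.pack("!HHIH", 41, udp_size, 0, len(rdata)) + rdata
    return header + question + opt

def read_ecs(query):
    """Return (family, source_prefix, address bytes) from a query built above, or None."""
    pos = 12
    while query[pos]:
        pos += query[pos] + 1
    pos += 1 + 4          # root label, QTYPE, QCLASS
    pos += 1 + 2 + 2 + 4  # OPT: root name, TYPE, CLASS (udp size), TTL
    (rdlen,) = struct.unpack_from("!H", query, pos)
    pos += 2
    end = pos + rdlen
    while pos < end:
        code, olen = struct.unpack_from("!HH", query, pos)
        if code == ECS_OPTION_CODE:
            family, src, _scope = struct.unpack_from("!HBB", query, pos + 4)
            return family, src, query[pos + 8:pos + 4 + olen]
        pos += 4 + olen
    return None
```

Sending both byte strings to the same recursive resolver and comparing the answers reproduces the with-ECS and without-ECS comparison described in the post.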