Hello
I have some public DNS questions about ECS implementation.
Background:
www.a.shifen.com: For Chinese IPs, it is parsed directly to an IP. For non-Chinese IPs, it is a CNAME to another domain name.
Both domain names support different resolutions in different regions. The only difference is that www.a.shifen.com, for non-Chinese IPs, is a CNAME to another domain name. But when I parse through 8.8.8.8 recursion, whether ECS is added or not, xiaodu.a.shifen.com can be parsed correctly, but www.a.shifen.com shows unexpected parsing.
For example:
1)
OR
Another different analysis (this is unexpected due to the direct proxy ECS option in the request):
The performance of 8.8.8.8 without ECS request will also appear in both cases:
dig @8.8.8.8 www.a.shifen.com
; <<>> DiG 9.16.8 <<>> @8.8.8.8 www.a.shifen.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52049
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;www.a.shifen.com. IN A
;; ANSWER SECTION:
www.a.shifen.com. 300 IN A 180.101.49.11
www.a.shifen.com. 300 IN A 180.101.49.12
;; Query time: 150 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Mon Mar 14 15:39:04 CST 2022
;; MSG SIZE rcvd: 77
Another
All the above requests are made on the same device at the same time. Because my export IP is in the Chinese mainland, the response with CNAME is unanticipated. It should be noted here that the authority of a.shifen.com supports IPv4 and IPv6 ECS. The authority of wshifen.com supports IPv4 ECS.
It seems strange that if my domain name does not have a CNAME in any ACL match, but directly returns the resolved IP according to the different request IPs, then the response is as expected, like the domain xiaodu.a.shifen.com.
Could you please explain the reason for this situation and how to realize it? If I want to support CNAME, how can I modify it?
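For anyone comparing the with-ECS and without-ECS answers described in this post, the sketch below (an added example, not part of the original post) encodes the EDNS Client Subnet option of RFC 7871 into a query and reads it back from a message, including the scope prefix length that a response uses to say how much of the client subnet the answer was tailored to. The function names and the 203.0.113.0/24 client subnet are constructed for illustration.

```python
import ipaddress
import struct

ECS = 8   # EDNS Client Subnet option code (RFC 7871)
OPT = 41  # OPT pseudo-record type (RFC 6891)

def build_query(name, subnet=None, qid=0x1234):
    """A query with an OPT record; subnet such as '203.0.113.0/24' adds ECS."""
    rdata = b""
    if subnet:
        net = ipaddress.ip_network(subnet, strict=False)
        addr = net.network_address.packed[:(net.prefixlen + 7) // 8]
        data = struct.pack("!HBB", 1 if net.version == 4 else 2, net.prefixlen, 0) + addr
        rdata = struct.pack("!HH", ECS, len(data)) + data
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode() for l in labels) + b"\x00"
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 1)  # RD=1, 1 question, 1 additional
    opt = b"\x00" + struct.pack("!HHIH", OPT, 1232, 0, len(rdata)) + rdata
    return header + qname + struct.pack("!HH", 1, 1) + opt  # QTYPE=A, QCLASS=IN

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while msg[off] and msg[off] & 0xC0 != 0xC0:
        off += msg[off] + 1
    return off + (2 if msg[off] else 1)

def read_ecs(msg):
    """Return (subnet, scope_prefix_length) from a message's OPT record, else None."""
    qd, an, ns, ar = struct.unpack_from("!HHHH", msg, 4)
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4
    for _ in range(an + ns + ar):
        off = skip_name(msg, off)
        rtype, rdlen = struct.unpack_from("!H6xH", msg, off)
        rdata, off = msg[off + 10:off + 10 + rdlen], off + 10 + rdlen
        pos = 0
        while rtype == OPT and pos + 4 <= len(rdata):
            code, olen = struct.unpack_from("!HH", rdata, pos)
            body, pos = rdata[pos + 4:pos + 4 + olen], pos + 4 + olen
            if code == ECS:
                family, source, scope = struct.unpack_from("!HBB", body)
                addr = body[4:].ljust(4 if family == 1 else 16, b"\x00")
                return f"{ipaddress.ip_address(addr)}/{source}", scope
    return None
```

A scope prefix length of 0 in a response means the answer was not tailored to the client subnet that was sent.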