issue with ECS/EDNS0 and google dns not passing info

[Rob Canis]

I seem to be having an issue with google not passing on edns information to my servers.  I can force it if I do a +trace option, but if I do not, I get all kinds of answers because google tosses me all over the USA for resolvers.  This I can normally live with, but I have people in India that are getting west coast US resolvers and that's just not working.

Is there something I need to do with google to get on some whitelist or fix my dns servers (and don't say I need ipv6, that's just a non-starter at this time).

Thanks in advance!

[Alex Dupuy]

If you are not getting EDNS0 at all from Google Public DNS that would be very surprising.

If you are not getting ECS from Google Public DNS, your authoritative server is probably not following all of the requirements described at https://developers.google.com/speed/public-dns/docs/ecs.

Check that your authoritative name servers are properly implementing ECS for all queries (even if you are not returning geo-located answers for them).

 

Is there something I need to do with google to get on some whitelist or fix my dns servers (and don't say I need ipv6, that's just a non-starter at this time).

Your name servers do not have to be on IPv6, but you do need to properly handle IPv6 addresses in ECS (and this may be the reason for the problems you are having).

 

[Kisalaya Prasad]

Hi,

We can look into it in more detail, but we will need more info from you. 

What is the domain name you are trying to resolve for ? 

Also  https://developers.google.com/speed/public-dns/docs/ecs has more info.

thanks,

Kisalaya

[Rob Canis]

remote.lionresources.net

[Damian Zielinski]

--
You received this message because you are subscribed to the Google Groups "public-dns-discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to public-dns-discuss+unsub...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/public-dns-discuss/400b864e-d322-4bb7-be52-3bae4e936f9dn%40googlegroups.com.

[Rob Canis]

anyone have any luck?

[Rob Canis]

still looking for help.

On Thursday, October 15, 2020 at 10:33:04 PM UTC-4 kisa...@google.com wrote:

[Tianhao Chi]

Can you also provide a valid ECS in a valid CIDR format for us to look it up?

[Rob Canis]

you can almost pick anything you want.  I have almost a dozen sites set up.  If you really need something specific, try 167.246.60.1 That should get you an 'east' answer.

[Rob Canis]

anything folks?  167.246.60.1/24 is a pretty good example of what to look for.

[Tianhao Chi]

I have looked it up in our internal debugging tool. ECS is always forwarded but it looks like ECS is requested but not received in nameserver's response.

[Puneet Sood]

On Sun, Nov 15, 2020 at 9:57 PM Rob Canis <rjc...@gmail.com> wrote:
>
> anything folks? 167.246.60.1/24 is a pretty good example of what to look for.

See the update in https://issuetracker.google.com/issues/173139531.

> --
> You received this message because you are subscribed to the Google Groups "public-dns-discuss" group.

> To unsubscribe from this group and stop receiving emails from it, send an email to public-dns-disc...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/public-dns-discuss/f2e5d358-1c8a-4c88-bd0e-1d69aa13bb44n%40googlegroups.com.

[hemant burman]

Hello, did you get a response on ticket 173139531, I am having the same issue, but do not have permission to see the resolution in the ticket

Thanks

[Rob Canis]

Nope.  Never did resolve the issue.  I gave up and went with Akamai.  I'm very disappointed in google for this issue.  Actually most of the industry.  I just couldn't win on this.