1.1.1.1 DNS = Akamai Issues

For the last couple of weeks I’ve noticed services which use Akamai CDN have been extremely slow to load, if they do at all. For example the Microsoft admin centre is extremely slow loading, downloads on the Microsoft website just don’t get anywhere and the BBC iPlayer will constantly buffer.

image

At first I thought this was our ISP, Virgin Media (UK), as I could replicate this issue both at home and in our office. However through some more testing I’ve found if Cloudflare’s 1.1.1.1 DNS replaced with a different DNS provider, the issues no longer persist at either location.

Some traceroutes here: https://www.dropbox.com/s/fgovxbjhlkxp8e4/dns.txt?dl=1 (Can’t post these in this post as a new forum user unfortunately)

It seems to be when using Cloudflare’s DNS things go through Cogent, which is when the problems happen.

Looked into this myself and it seems to be something to do with Virgin hijacking DNS to redirect to their local akamai / netflix etc cache

dig @1.1.1.1 akadash0.akamaized.net +short
a1160.w10.akamai.net.
2.18.66.240
2.18.66.224

dig @8.8.8.8 akadash0.akamaized.net +short
a1160.w10.akamai.net.
213.106.24.176
213.106.24.203

The second request via google directs me to a local virgin cache (ping / traceroute the returned IPs) however it seems for some reason VM are hijacking requests to 1.1.1.1 and sending (for example) the above host via what i can only assume is an old cache.

Anytime I use 1.1.1.1 (without DoH) i get streaming issues with BBC / now tv / other akamai stuff, however using 8.8.8.8 everything works fine.

Google - traceroute to akadash0.akamaized.net (213.106.24.176), 30 hops max, 60 byte packets
1 local (192.xx.xx.xx 0.161 ms 0.122 ms 0.106 ms
2 10.53.34.249 (10.53.34.249) 14.032 ms 14.252 ms 14.593 ms
3 gate-core-2a-xe-133-0.network.virginmedia.net (80.0.145.221) 14.957 ms 14.598 ms 15.124 ms
4 * * *
5 * * *
6 manc-ic-3-ae0-0.network.virginmedia.net (62.253.174.98) 19.497 ms 22.363 ms 21.930 ms
7 cur1-melt2-0-0-cust175.12-1.cable.virginm.net (213.106.24.176) 21.458 ms 16.570 ms 16.546 ms

Cloudflare -

traceroute to 2.22.22.216 (2.22.22.216), 30 hops max, 60 byte packets
1 local (192.xx.xx.xx) 0.227 ms 0.132 ms 0.109 ms
2 10.53.34.249 (10.53.34.249) 9.539 ms 9.044 ms 10.740 ms
3 gate-core-2a-xe-501-0.network.virginmedia.net (82.2.240.105) 14.759 ms 14.995 ms 15.107 ms
4 * * *
5 * * *
6 86.85-254-62.static.virginmediabusiness.co.uk (62.254.85.86) 31.255 ms 27.901 ms 27.442 ms
7 * * *
8 be2868.ccr41.lon13.atlas.cogentco.com (154.54.57.153) 24.945 ms be2871.ccr42.lon13.atlas.cogentco.com (154.54.58.185) 23.840 ms be2868.ccr41.lon13.atlas.cogentco.com (154.54.57.153) 26.848 ms
9 be12497.ccr41.par01.atlas.cogentco.com (154.54.56.130) 34.458 ms 33.658 ms 34.757 ms
10 be3184.ccr31.par04.atlas.cogentco.com (154.54.38.158) 34.293 ms be2102.ccr32.par04.atlas.cogentco.com (154.54.61.18) 33.620 ms be2103.ccr32.par04.atlas.cogentco.com (154.54.61.22) 30.447 ms
11 be3169.agr21.par04.atlas.cogentco.com (154.54.37.238) 30.632 ms be2151.agr21.par04.atlas.cogentco.com (154.54.61.34) 32.348 ms 31.459 ms
12 akamai.demarc.cogentco.com (149.11.114.234) 30.621 ms 34.771 ms 34.096 ms
13 a2-22-22-216.deploy.static.akamaitechnologies.com (2.22.22.216) 29.639 ms 38.654 ms 37.058 ms

If i do the same dig from an external service, both google and cloudflare report the same IP range for that hostname, which confusingly is the address 1.1.1.1 sends me to on my virgin connection anyway, my thoughts are VM have a sub par peer / link to akamai as they have their own cache and expect most customers to use that.

$ dig @1.1.1.1 akadash0.akamaized.net +short
a1160.w10.akamai.net.
2.18.66.240
2.18.66.224

:~$ dig @8.8.8.8 akadash0.akamaized.net +short
a1160.w10.akamai.net.
2.18.66.240
2.18.66.224

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.