AWS Cloudfront

Hey Cloudflare !!

(cf.feitsui.com)

This is a server of AWS Cloudfront and on 1.1.1.1 DNS i’m connected from Singapore on AWS Cloudfront but other DNS resolver such as Google, OpenDNS and my ISP DNS connects me from Dubai servers which is give me 15ms and Singapore gives me 80-100ms.

See 1.1.1.1 prevents GeoIP based DNS lookups from working - 1.1.1.1 doesn’t forward the client’s real IP address via EDNS client subnet, so chances are that site is using a geoip-based service to route visitors to different servers, and it has an old/incorrect database (CF does a best-effort attempt to send a ‘fake’ IP in ECS that matches fairly closely to the visitor based on that thread, but that requires keeping an updated database).

Why you DNS resolver 1.1.1.1 does’nt support EDNS ? I know your DNS is world fastest DNS but these little mistakes will make your worldwide rating down. :sunglasses:

Statement from the CEO: https://news.ycombinator.com/item?id=19828702

… we don’t pass along the EDNS subnet information. This information leaks information about a requester’s IP and, in turn, sacrifices the privacy of users. This is especially problematic as we work to encrypt more DNS traffic since the request from Resolver to Authoritative DNS is typically unencrypted. We’re aware of real world examples where nationstate actors have monitored EDNS subnet information to track individuals, which was part of the motivation for the privacy and security policies of 1.1.1.1.

I remember asking you specifically not to open thread number twenty-five

On top, this does not need any further comment anyhow either

This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.