CloudFlare DNS Returning Facebook Hong Kong (A) Record

We use CloudFlare as DNS forwarders. Periodically CloudFlare will return one of Facebook’s IPs that appears as being in Hong Kong:

facebook.com
Server: 1.1.1.1
Address: 1.1.1.1#53
Non-authoritative answer:
Name: facebook.com
Address: 157.240.211.35

set type=ptr
157.240.211.35
Server: 1.1.1.2
Address: 1.1.1.2#53
Non-authoritative answer:
35.211.240.157.in-addr.arpa name = edge-star-mini-shv-02-hkg4.facebook.com

Facebook does own the entire /16 for 157.240.0.0 and could put any of those IPs anywhere in the world they want to.

Google DNS servers do not have this record in their rotation.

We block traffic to many Middle and Far East countries, making it seem like the site is broken.

Why would Cloudflare be returning an IP that either appears to be, or is in Hong Kong?

While I could just switch my DNS forwarders to Google (I’d rather not), or create a DNS zone internally with NS records pointing to Google DNS, or allow traffic to reach Hong Kong, these are all not really ideal solutions.

Is there an issue with Facebook or Cloudflare Geo-loadbalancing maybe?

Traceroute from GSuite Tools:

traceroute to 157.240.211.35 (157.240.211.35), 30 hops max

Hop Host IP Time (ms)
1 _gateway 209.151.144.1 0.114ms
2 100.70.134.49 100.70.134.49 0.302ms
3 172.23.255.229 172.23.255.229 0.371ms
4 172.23.255.238 172.23.255.238 0.186ms
5 94.237.0.38 0.177ms
6 62.115.191.108 1.337ms
7 edge-star-mini-shv-02-hkg4.facebook.com 157.240.211.35 154.013ms

Thanks in advance for any suggestions.

AFAIK Cloudflare’s 1.1.1.1 doesn’t send EDNS Client Subnet (for geolocation, etc.), so returned IPs might be random compared to Google DNS, etc.
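The option the reply refers to, as an added example that is not part of the original thread: EDNS Client Subnet (RFC 7871) is an option inside a DNS query that carries the client's network prefix, which an authoritative server can use to pick a nearby address. This Python code builds an A query with and without the option and extracts it from the wire bytes, which is also how a captured forwarder query can be checked for it. The function names and the 203.0.113.0/24 subnet are constructed for illustration.

```python
import ipaddress
import struct

ECS_OPTION_CODE = 8   # EDNS Client Subnet option, RFC 7871
OPT_RR_TYPE = 41      # EDNS(0) OPT pseudo-record, RFC 6891

def ecs_option(subnet):
    """Encode a subnet such as '203.0.113.0/24' as an ECS option."""
    net = ipaddress.ip_network(subnet, strict=False)
    family = 1 if net.version == 4 else 2
    # Only the address bytes covered by the prefix go on the wire.
    addr = net.network_address.packed[:(net.prefixlen + 7) // 8]
    body = struct.pack("!HBB", family, net.prefixlen, 0) + addr  # scope is 0 in queries
    return struct.pack("!HH", ECS_OPTION_CODE, len(body)) + body

def build_query(name, subnet=None, qid=0x1234):
    """Build an A query; if subnet is given, add an OPT record carrying ECS."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 1 if subnet else 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(x)]) + x.encode("ascii") for x in labels) + b"\x00"
    msg = header + qname + struct.pack("!HH", 1, 1)  # QTYPE A, QCLASS IN
    if subnet:
        rdata = ecs_option(subnet)
        # OPT: root name, type 41, class = UDP payload size, ttl = flags
        msg += b"\x00" + struct.pack("!HHIH", OPT_RR_TYPE, 1232, 0, len(rdata)) + rdata
    return msg

def _skip_name(msg, pos):
    while msg[pos]:            # uncompressed labels, as found in queries
        pos += msg[pos] + 1
    return pos + 1

def client_subnet(query):
    """Return the ECS subnet a query carries, or None if it carries none."""
    arcount = struct.unpack("!H", query[10:12])[0]
    pos = _skip_name(query, 12) + 4          # one question: QNAME, QTYPE, QCLASS
    for _ in range(arcount):
        pos = _skip_name(query, pos)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", query[pos:pos + 10])
        pos, end = pos + 10, pos + 10 + rdlen
        while rtype == OPT_RR_TYPE and pos + 4 <= end:
            code, olen = struct.unpack("!HH", query[pos:pos + 4])
            if code == ECS_OPTION_CODE:
                family, src, _scope = struct.unpack("!HBB", query[pos + 4:pos + 8])
                raw = query[pos + 8:pos + 4 + olen].ljust(4 if family == 1 else 16, b"\x00")
                return f"{ipaddress.ip_address(raw)}/{src}"
            pos += 4 + olen
        pos = end
    return None
```

A query without the option leaves the authoritative server with only the resolver's own source address to base a location decision on.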
