We use Cloudflare as DNS forwarders. Periodically Cloudflare will return one of Facebook’s IPs that appears as being in Hong Kong:
```
facebook.com
Server: 1.1.1.1
Address: 1.1.1.1#53
Non-authoritative answer:
Name: facebook.com
Address: 157.240.211.35
set type=ptr
157.240.211.35
Server: 1.1.1.2
Address: 1.1.1.2#53
Non-authoritative answer:
35.211.240.157.in-addr.arpa name = edge-star-mini-shv-02-hkg4.facebook.com
```
Facebook does own the entire /16 for 157.240.0.0 and could put any of those IPs anywhere in the world they want to.
Google DNS servers do not have this record in their rotation.
We block traffic to many Middle and Far East countries, making it seem like the site is broken.
Why would Cloudflare be returning an IP that either appears to be, or is in Hong Kong?
While I could just switch my DNS forwarders to Google (I’d rather not), or create a DNS Zone Internally with NS Records pointing to Google DNS, or allow traffic to reach Hong Kong, these are all not really ideal solutions.
Is there an issue with Facebook or Cloudflare Geo-loadbalancing maybe?
Traceroute from GSuite Tools:
traceroute to 157.240.211.35 (157.240.211.35), 30 hops max
Hop | Host | IP | Time (ms) |
---|---|---|---|
1 | _gateway | 209.151.144.1 | 0.114ms |
2 | 100.70.134.49 | 100.70.134.49 | 0.302ms |
3 | 172.23.255.229 | 172.23.255.229 | 0.371ms |
4 | 172.23.255.238 | 172.23.255.238 | 0.186ms |
5 | 94.237.0.38 | 94.237.0.38 | 0.177ms |
6 | 62.115.191.108 | 62.115.191.108 | 1.337ms |
7 | edge-star-mini-shv-02-hkg4.facebook.com | 157.240.211.35 | 154.013ms |
Thanks in advance for any suggestions.
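
Added example, not part of the original post: a small Python audit that takes resolver answers with their PTR targets, pulls the trailing site token out of the host label (`hkg4` in the lookup above), and reports answers that would hit a geo-block. The blocked-code set, the second sample row and the rule that the last hyphen-separated token is a three-letter site code plus an index are assumptions made for illustration; a PTR name is only a hint about location, not proof of it.

```python
import ipaddress
import re

# Assumption: site codes inside the geo-blocked regions (constructed policy).
BLOCKED_SITE_CODES = {"hkg"}

# Constructed sample input: (resolver, answer IP, PTR target). The first row
# is the lookup shown in the post; the second is a made-up contrast case.
SAMPLE_ANSWERS = [
    ("1.1.1.1", "157.240.211.35", "edge-star-mini-shv-02-hkg4.facebook.com"),
    ("resolver-b", "192.0.2.10", "edge-star-mini-shv-01-aaa1.example.net"),
]


def reverse_name(ip):
    """Return the in-addr.arpa (or ip6.arpa) name a PTR query uses for ip."""
    return ipaddress.ip_address(ip).reverse_pointer


def site_code(ptr_target):
    """Return the letters of the last hyphen-separated token of the host label.

    Assumption: that token (e.g. 'hkg4') is a site code followed by an index.
    Returns None when the label does not end that way.
    """
    host_label = ptr_target.rstrip(".").split(".")[0].lower()
    match = re.search(r"-([a-z]{3})\d+$", host_label)
    return match.group(1) if match else None


def audit(answers, blocked=BLOCKED_SITE_CODES):
    """Return one finding per answer whose PTR site code is geo-blocked."""
    findings = []
    for resolver, ip, ptr in answers:
        code = site_code(ptr)
        if code in blocked:
            findings.append({"resolver": resolver, "ip": ip,
                             "ptr_query": reverse_name(ip),
                             "ptr": ptr, "site": code})
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_ANSWERS):
        print("{resolver} returned {ip} ({ptr_query} -> {ptr}); "
              "site '{site}' is geo-blocked".format(**f))
```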