CNAME flatting and gro location with public DNS servers

I read this blog:
and could not yet figure out exactly how it works with public DNS servers.

When the user sends A request to my APEX domain (, does the resolver send the request to the DNS provider Authoritative nameserver that sends ש CNAME to the CDN Authoritative nameserver that resolve the IP and sends it back to the user through the DNS provider Authoritative nameserver?

In this article: A Look at the ECS Behavior of DNS Resolvers, that can be found here: Rabinovich / 70cbdde39a204b074fae15157e5b4bb24456a2bb
They show this example:

  1. Is packet No. 3 is a CNAME?
  2. Why is there a redirection in Fact 8?
  3. Does your brother Resolver know how to contact the cloud flare CDN Authoriative nameserver in Fact 12?

I would be happy if someone knows the subject and can detail or give an example with what packets are sent between the servers.


The diagram is nicely laid out. That top server "DNS Provider Authoritative Nameserver is Cloudflare’s SOA for that domain.

  1. No, that’s the “A” record for the actual hostname the CNAME points to.
  2. 8 is optional if their website 301 redirects to www.
  3. After this, the process pretty much repeats, and I don’t think the diagram is completely applicable to Cloudflare.

Is there a problem you’re trying to solve?

Hi, thank you for your answer.
I’m trying to understand how cloudflare know what is the client location when they use CNAME flatting?
Because they get the query from the Authoriative nameserver and not from the resolver.
so how they know which Pop is the nearest?
If i understand correctly, CNAME flatting works like that:

Cloudflare doesn’t use DNS to determine client location. With Anycast, it’s up to the ISP to route it to the nearest/fastest POP. But when the client connects to the POP, they do so from their client IP address.

In the context of ECS, Cloudflare don’t care what the Client location is.

What should happen here is that each Cloudflare POP makes a request to the authoritative DNS for the target of the CNAME record. That outbound request comes from a Cloudflare IP address that is recorded as being assigned to a particular location. The upstream DNS server can use that information if needed to perform geo-targeting. However, as a privacy centric service, Cloudflare does not forward on the Client subnet.

1 Like

So if I use google public DNS ( or another public DNS as my resolver, cloudflare will answer to my resolver location and not my ISP?

If it’s a website using Cloudflare, your browser will connect to the IP address Cloudflare has assigned that website, and your ISP will route your request to what it thinks is the nearest POP.

The POP I will get is associated with my resolver IP? Or there is a different way that cloudflare correlated me to one of their POPs?

Thank you, I understood what happened if I’m using my ISP DNS resolver.
So how cloudflare knows witch IP to send me if I’m using a public DNS as resolver? And not using ECS.
Thanks again, I’m appreciate your answers

And how does cloudflare know witch POP to connect me with if I’m using a public DNS resolver?
How can they see my x.x.x.x/24 subnet if I’m not sending ECS?

I will try to be more focused on my question:
Let’s say I (a user) are connected to Google’s public DNS resolver and through it sends DNS requests, not through my ISP.
When I want that my browser will connect to website that uses cloudflare services, I (the user) sends A request with the name of the domain to an authoritative nameserver that does CNAME flatting to the request and returns us as answer A query with the site’s IP.

My question is where does the user’s location go in the process I described? where cloudflare see the IP of the user during the process or the ISP IP when the user uses a public DNS resolver.

i draw the process as i see it, probably there is something i missed in my undeerstanding:

Resolvers have nothing to do with the user’s location. No matter where you are, you’re going to get the same Cloudflare IP address for that site.

It’s like asking for a Pumpkin Spice Latte. You go to Starbucks. The closest one, and you’ll get the same Pumpkin Spice Latte. Ask anybody, anywhere, and they’ll say Starbucks. You route yourself to the nearest one to get your Pumpkin Spice Latte.

You keep asking about CNAME flattening. The end result is the same. An IP address. CNAME is just a shortcut for an “A” record. That famous Seattle coffee company. I’ll flatten that for you and just say Starbucks. Go to the nearest one.

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.