Cloudflare DNS

We plan to use Cloudflare DNS as our resolver, but have a question before we implement this.

If I make a request for e.g. learn.microsoft.com (a site globally distributed by Akamai, with many globally distributed IP addresses behind it) to both of your DNS servers - can you guarantee that both respond with the same IP address at the same time?

I ask this because we had problems in the past where other DNS providers responded with different IP addresses, which is bad for our firewall and dynamic rules.

Thanks a lot for your help!

A “recursive DNS” / “DNS resolver” will simply ask the authoritative DNS for hints on where to reach the given (sub)domain/hostname.

The “recursive DNS” / “DNS resolver” will typically cache it for a while to avoid (sometimes with full, but sometimes with less respect towards the TTL provided by the authoritative DNS provider).

No “recursive DNS” / “DNS resolver” will ever be able to guarantee you that.

I tried some multi-location DNS checker websites.

Sao Paulo, Brazil responded “184.85.33.200, 2600:1419:4e00:186::3544, 2600:1419:4e00:184::3544” first.

But second time, it responded “104.112.135.29, 2600:1419:bc00:48e::3544, 2600:1419:bc00:4a8::3544”

With the CNAME chain currently travelling this path:

  1. learn.microsoft.com →
  2. learn-public.trafficmanager.net →
  3. learn.microsoft.com.edgekey.net →
  4. learn.microsoft.com.edgekey.net.globalredir.akadns.net →
  5. e13636.dscb.akamaiedge.net

It will be the authoritative DNS provider of akamaiedge.net (and their configuration of the (sub)domain e13636.dscb.akamaiedge.net) that defines which IP addresses are provided.

3 Likes
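
An added example, not part of the thread and not Cloudflare's code: because no resolver can promise identical answers, a dynamic firewall rule can allow the TTL-aware union of every address seen for the name rather than one resolver's latest answer. The class and function names, the 20-second TTL and the timestamps are assumptions; the addresses are the two answers quoted in the reply above.

```python
from dataclasses import dataclass, field


@dataclass
class FqdnAddressSet:
    """TTL-aware union of every address any resolver returned for one name."""
    name: str
    expiry: dict = field(default_factory=dict)  # ip -> time at which it is dropped

    def record(self, ips, ttl, now):
        # Keep the latest expiry per address; a newer answer never shortens it.
        for ip in ips:
            self.expiry[ip] = max(self.expiry.get(ip, 0), now + ttl)

    def active(self, now):
        # Addresses the dynamic rule should still allow at time `now`.
        return {ip for ip, exp in self.expiry.items() if exp > now}


def same_answer(a, b):
    """True only if two resolver answers hold exactly the same addresses."""
    return set(a) == set(b)


# Constructed sample: the two answers from the thread; TTL and times are assumed.
FIRST = ["184.85.33.200", "2600:1419:4e00:186::3544", "2600:1419:4e00:184::3544"]
SECOND = ["104.112.135.29", "2600:1419:bc00:48e::3544", "2600:1419:bc00:4a8::3544"]
ASSUMED_TTL = 20  # seconds, assumed for illustration


def demo():
    rule = FqdnAddressSet("learn.microsoft.com")
    rule.record(FIRST, ASSUMED_TTL, now=0)   # first lookup at t=0
    rule.record(SECOND, ASSUMED_TTL, now=5)  # second lookup at t=5
    # t=10: both answers live; t=22: FIRST expired; t=30: everything expired.
    return same_answer(FIRST, SECOND), rule.active(10), rule.active(22), rule.active(30)


if __name__ == "__main__":
    agree, at10, at22, at30 = demo()
    print("answers identical:", agree)
    print("allowed at t=10:", sorted(at10))
    print("allowed at t=22:", sorted(at22))
    print("allowed at t=30:", sorted(at30))
```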
