We plan to use Cloudflare DNS as resolver, but have a question before we implement this.
If I make a request for e.g. learn.microsoft.com (a site globally distributed by Akamai, with many globally distributed IP addresses behind it) to both of your DNS servers, can you guarantee that both respond with the same IP address at the same time?
I ask this because we had problems in the past where other DNS providers responded with different IP addresses, which is bad for our firewall and dynamic rules.
A “recursive DNS” / “DNS resolver” will simply ask the authoritative DNS for hints on where to reach the given (sub)domain/hostname.
The “recursive DNS” / “DNS resolver” will typically cache it for a while (sometimes with full, but sometimes with less, respect towards the TTL provided by the authoritative DNS provider).
No “recursive DNS” / “DNS resolver” will ever be able to guarantee you that.
I tried some multi-location DNS checker websites.
Sao Paulo, Brazil responded “184.85.33.200, 2600:1419:4e00:186::3544, 2600:1419:4e00:184::3544” first.
But the second time, it responded “104.112.135.29, 2600:1419:bc00:48e::3544, 2600:1419:bc00:4a8::3544”.
With the CNAME chain currently travelling this path:
It will be the authoritative DNS provider of akamaiedge.net (and their configuration of the (sub)domain e13636.dscb.akamaiedge.net) that defines which IP addresses are provided.
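The mechanism the answer describes, written out as an added simulation that is not part of the thread and not Cloudflare's or Akamai's code: a simulated authoritative server hands out rotating answer sets for a CDN-style name, and two independent recursive resolvers, each with its own cache (one of them keeping answers longer than the published TTL), are queried at the same instant. Every zone name, address and TTL below is constructed for illustration (addresses come from the RFC 5737 documentation ranges); the names only mimic the CNAME-chain shape seen above.

```python
"""Added example: why two recursive resolvers can return different addresses
for a CDN-hosted name at the same moment. All names, addresses and TTLs are
constructed; nothing here is real Cloudflare or Akamai behaviour."""
from dataclasses import dataclass
from itertools import cycle


@dataclass(frozen=True)
class Record:
    rtype: str   # "CNAME" or "A"
    data: str    # CNAME target or IPv4 literal
    ttl: int     # seconds, as published by the authoritative server


class Authoritative:
    """Simulated authoritative server. A name with several answer sets hands
    them out round-robin, the way a CDN steers clients between edge pools."""

    def __init__(self, zone):
        # zone: name -> list of answer sets, each a list of Record
        self._pools = {name: cycle(sets) for name, sets in zone.items()}

    def query(self, name):
        if name not in self._pools:
            raise KeyError(f"NXDOMAIN: {name}")
        return list(next(self._pools[name]))


class Resolver:
    """Simulated recursive resolver with its own cache. ttl_floor models a
    resolver that keeps answers longer than the authoritative TTL allows."""

    def __init__(self, auth, ttl_floor=0):
        self._auth = auth
        self._ttl_floor = ttl_floor
        self._cache = {}   # name -> (records, expires_at)

    def _lookup(self, name, now):
        hit = self._cache.get(name)
        if hit and hit[1] > now:
            return hit[0]                      # served from cache
        records = self._auth.query(name)       # cache miss: ask authoritative
        ttl = max(min(r.ttl for r in records), self._ttl_floor)
        self._cache[name] = (records, now + ttl)
        return records

    def resolve(self, name, now):
        """Follow the CNAME chain; return (chain of names, sorted A addresses)."""
        chain = [name]
        while True:
            records = self._lookup(name, now)
            cnames = [r for r in records if r.rtype == "CNAME"]
            if not cnames:
                return chain, sorted(r.data for r in records if r.rtype == "A")
            name = cnames[0].data
            chain.append(name)


# Constructed zone: a two-hop CNAME chain ending at a CDN edge name with two
# rotating address pools (TTL 20 s), plus a plain static name for contrast.
ZONE = {
    "www.example.test": [[Record("CNAME", "www.example.test.edgesuite.test", 3600)]],
    "www.example.test.edgesuite.test": [[Record("CNAME", "e0000.dscb.edgecdn.test", 3600)]],
    "e0000.dscb.edgecdn.test": [
        [Record("A", "192.0.2.10", 20), Record("A", "192.0.2.11", 20)],
        [Record("A", "198.51.100.20", 20), Record("A", "198.51.100.21", 20)],
    ],
    "static.example.test": [[Record("A", "203.0.113.5", 300)]],
}


def compare(resolvers, name, now):
    """Query every resolver at the same instant; return (all_agree, answers)."""
    answers = [r.resolve(name, now)[1] for r in resolvers]
    return all(a == answers[0] for a in answers), answers


def observed_addresses(resolver, name, instants):
    """Union of every address one resolver returned across the given instants,
    i.e. the set a firewall rule would have to allow instead of one snapshot."""
    seen = set()
    for t in instants:
        seen.update(resolver.resolve(name, t)[1])
    return sorted(seen)


if __name__ == "__main__":
    auth = Authoritative(ZONE)
    a, b = Resolver(auth), Resolver(auth, ttl_floor=60)
    print(compare([a, b], "static.example.test", now=0))
    print(compare([a, b], "www.example.test", now=0))
    print(observed_addresses(a, "www.example.test", range(0, 120, 10)))
```

The static name agrees across both resolvers; the CDN name does not, because each resolver took its own snapshot from a rotating pool and then served it from cache for a different length of time. For firewall rules keyed on a hostname, the usable set is the union of addresses seen over time (`observed_addresses`), refreshed at least as often as the shortest TTL in the chain, not a single answer from a single resolver.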