Incorrect AWS Cloudfront edge node

When I try to access a Cloudfront distribution, it gives me an IP in the US east coast, and not one close to my location (The Netherlands). AWS has edge nodes in Amsterdam.

I’ve contacted AWS support but they can’t help. Cloudfront primarily uses the EDNS-client-subnet and 1.1.1.1 doesn’t support this. When that is not available, Cloudfront falls back to the resolvers IP for location estimate.

dig resolver-identity.cloudfront.net @1.1.1.1 returns 162.158.109.35 which is in Amsterdam. However, Cloudfront doesn’t see that or something.

Is this a common issue? Any clues what I can do about it? AWS support says everything is OK and they can’t do anything about it.

From what I can tell, AWS should use the resolvers IP (162.158.109.35) to guesstimate the users location (Amsterdam in this case) and respond with an edge node close to that. But what do I know…

Help appreciated!

https://1.1.1.1/help#eyJpc0NmIjoiWWVzIiwiaXNEb3QiOiJObyIsImlzRG9oIjoiTm8iLCJyZXNvbHZlcklwLTEuMS4xLjEiOiJZZXMiLCJyZXNvbHZlcklwLTEuMC4wLjEiOiJZZXMiLCJyZXNvbHZlcklwLTI2MDY6NDcwMDo0NzAwOjoxMTExIjoiTm8iLCJyZXNvbHZlcklwLTI2MDY6NDcwMDo0NzAwOjoxMDAxIjoiTm8iLCJkYXRhY2VudGVyTG9jYXRpb24iOiJBTVMiLCJpc1dhcnAiOiJObyIsImlzcE5hbWUiOiJDbG91ZGZsYXJlIiwiaXNwQXNuIjoiMTMzMzUifQ==

Hi, you’re correct, AWS should have Cloudflare’s source address ranges mapped, so it should know the 162.158.109.35 is in the Amsterdam range. I can poke around to see if there’s anything not working properly.

3 Likes