Microsoft Teams GeoDNS URL does not properly resolve from Asia

Issue : GeoDNS breaks when using Cloudflare for Microsoft Teams URLs. The URL is supposed to resolve to an IP address closest to the user. But it resolves to US based IP addresses. Note that it works fine when we use Google DNS or OpenDNS

The Microsoft Teams URL in question

worldaz.tr.teams.microsoft.com

When using Cloudflare DNS (1.1.1.1) and sending queries from Asia (Hong Kong or Singapore), the URL resolves to North American IP addresses.

When Using Cloudflare

AWS-Singapore:~# dig @1.1.1.1 worldaz.tr.teams.microsoft.com +short
worldaz.tr.teams.trafficmanager.net.
a-tr-teams-usea-02.eastus.cloudapp.azure.com.
52.115.62.1

AWS-Hong-Kong:~# dig @1.1.1.1 worldaz.tr.teams.microsoft.com +short
worldaz.tr.teams.trafficmanager.net.
a-tr-teams-uswe-03.westus.cloudapp.azure.com.
52.112.107.4

When Using Google DNS

AWS-Singapore:~# dig @8.8.8.8 worldaz.tr.teams.microsoft.com +short
worldaz.tr.teams.trafficmanager.net.
a-tr-teams-jpea-02.japaneast.cloudapp.azure.com.
52.115.47.1

AWS-Hong-Kong:~# dig @8.8.8.8 worldaz.tr.teams.microsoft.com +short
worldaz.tr.teams.trafficmanager.net.
a-tr-teams-krcn-01.koreacentral.cloudapp.azure.com.
52.114.45.62

When Using OpenDNS

AWS-Singapore:~# dig @208.67.222.222 worldaz.tr.teams.microsoft.com +short
worldaz.tr.teams.trafficmanager.net.
a-tr-teams-asse-02.southeastasia.cloudapp.azure.com.
52.114.54.60

AWS-Hong-Kong:~# dig @208.67.222.222 worldaz.tr.teams.microsoft.com +short
worldaz.tr.teams.trafficmanager.net.
a-tr-teams-asea-01.eastasia.cloudapp.azure.com.
52.114.5.9

Issue
If you look at the resulting IPs and look up their location, you will see that queries resolved through Cloudflare get North American IP addresses. Whereas queries sent through Google or OpenDNS are at least in the same continent.

You can also just look at the CNAME right before the IP address, which tells you the region it will resolve to (for example a-tr-teams-usea-02.eastus.cloudapp.azure.com)

Additional Notes :

  • My egress IP on the Singapore AWS VM : 54.151.163.230
  • My egress IP on the Hong Kong AWS VM : 18.162.155.81

Hi good day!!!
You might think that it is not reaching the closest server since Cloudflare did not send EDNS ECS support due to a privacy issue.
You should talk to them to see if there is another way to solve your problem.

Cheers!!!

I tried from Hong Kong and have the same observation as well. In addition, it seems the Cloudflare’s DNS server IP seen from other DNS servers, from the result of https://bash.ws/dnsleak/, was interpreted to be from Hong Kong or us, as in https://www.iplocation.net/.

I guess azure traffic Manager may think that IP is from US thus returns us endpoint.

@irtefa @mvavrusa Good Morning!!! Could you verify this topic ??? Would I have a way to fix this ???
Thank you very much already!!!