Some korean guy just ignored region restriction!

As you know, Cloudflare uses global dns to direct users to the nearest Point of Presence (PoP) server. Specifically, the ICN Region is designed primarily for enterprise websites.

Some korean guy has developed their own DNS that bypasses this setup, forcing domains registered on the Cloudflare network to connect “exclusively to the ICN PoP”!

Is this even allowed?


My guesses, but someone will know more technical details…

I’ve not looked but I guess he’s not directing to the ICN PoP specificially, but just running a DNS that substitutes any detected Cloudflare IP addresses with some from the Enterprise range - all Cloudflare proxy IPs answer for all websites, they are just allocated into plan pools by the Cloudflare DNS. That would work in any location.

I’m suprised someone hasn’t made a resolver you can run to do this before (or maybe they have), but maybe it’s only become an issue recently due to ISPs giving crappy routes to Cloudflare traffic to save money.

I guess Cloudflare will do something about it if it affects their traffic or costs, or reliability for Enterprise customers as those IP addresses have highest traffic priority on Cloudflare’s network.

Yes, that’s all it does…

My (free plan) site…

dig +short

Using their DNS…

dig +short @

Ping (from close to London, times indicates using London PoP as you would expect with anycast)…

PING ( 56(84) bytes of data.
64 bytes from icmp_seq=1 ttl=58 time=2.32 ms
64 bytes from icmp_seq=2 ttl=58 time=2.06 ms
64 bytes from icmp_seq=3 ttl=58 time=2.09 ms
64 bytes from icmp_seq=4 ttl=58 time=1.97 ms

All those Telekom customers with dodgy routing could start using this guy’s DNS :stuck_out_tongue:


This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.