Some Korean guy just ignored region restriction!

As you know, Cloudflare uses global DNS to direct users to the nearest Point of Presence (PoP) server. Specifically, the ICN Region is designed primarily for enterprise websites.

Some Korean guy has developed their own DNS that bypasses this setup, forcing domains registered on the Cloudflare network to connect “exclusively to the ICN PoP”!

Is this even allowed?

fyi: https://dns.eliv.co.kr/

My guesses, but someone will know more technical details…

I’ve not looked but I guess he’s not directing to the ICN PoP specifically, but just running a DNS that substitutes any detected Cloudflare IP addresses with some from the Enterprise range - all Cloudflare proxy IPs answer for all websites, they are just allocated into plan pools by the Cloudflare DNS. That would work in any location.

I’m surprised someone hasn’t made a resolver you can run to do this before (or maybe they have), but maybe it’s only become an issue recently due to ISPs giving crappy routes to Cloudflare traffic to save money.

I guess Cloudflare will do something about it if it affects their traffic or costs, or reliability for Enterprise customers as those IP addresses have highest traffic priority on Cloudflare’s network.

[add]
Yes, that’s all it does…

My (free plan) site…

dig +short cf.sjr.org.uk
172.67.156.230
104.21.89.67

Using their DNS…

dig +short cf.sjr.org.uk @150.230.255.179
162.159.128.233
162.159.136.232

Ping (from close to London, times indicate using London PoP as you would expect with anycast)…

ping 162.159.128.233
PING 162.159.128.233 (162.159.128.233) 56(84) bytes of data.
64 bytes from 162.159.128.233: icmp_seq=1 ttl=58 time=2.32 ms
64 bytes from 162.159.128.233: icmp_seq=2 ttl=58 time=2.06 ms
64 bytes from 162.159.128.233: icmp_seq=3 ttl=58 time=2.09 ms
64 bytes from 162.159.128.233: icmp_seq=4 ttl=58 time=1.97 ms

All those Telekom customers with dodgy routing could start using this guy’s DNS 😛

3 Likes
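
Added example, not part of either post above: a defender-side check that flags a resolver whose A records for a Cloudflare-proxied name have been swapped for other Cloudflare addresses, using the two `dig` answers quoted in the reply as sample input. The `.example` hostnames and their addresses are constructed, the verdict labels are hypothetical, and the range list is a snapshot of Cloudflare's published IPv4 ranges that should be refreshed before use.

```python
import ipaddress

# Snapshot of Cloudflare's published IPv4 ranges (assumption: refresh from
# https://www.cloudflare.com/ips-v4 before relying on this list).
CLOUDFLARE_V4 = [ipaddress.ip_network(n) for n in (
    "173.245.48.0/20", "103.21.244.0/22", "103.22.200.0/22", "103.31.4.0/22",
    "141.101.64.0/18", "108.162.192.0/18", "190.93.240.0/20", "188.114.96.0/20",
    "197.234.240.0/22", "198.41.128.0/17", "162.158.0.0/15", "104.16.0.0/13",
    "104.24.0.0/14", "172.64.0.0/13", "131.0.72.0/22")]

def cf_network(addr):
    """Return the Cloudflare range containing addr, or None if it is outside all of them."""
    ip = ipaddress.ip_address(addr)
    return next((net for net in CLOUDFLARE_V4 if ip in net), None)

def compare_answers(reference, candidate):
    """Classify a candidate resolver's A records against a trusted resolver's answer."""
    ref, cand = set(reference), set(candidate)
    if not ref or not cand:
        return "incomplete"                      # one side returned nothing
    if ref & cand:
        return "consistent"                      # at least one shared address
    ref_cf = all(cf_network(a) is not None for a in ref)
    cand_cf = all(cf_network(a) is not None for a in cand)
    if ref_cf and cand_cf:
        return "rewritten-within-cloudflare"     # the pattern shown in the thread
    if ref_cf:
        return "redirected-off-cloudflare"       # answer left Cloudflare space entirely
    return "differs"                             # not a Cloudflare name; review manually

def audit(samples):
    """samples maps hostname -> (reference_answers, candidate_answers)."""
    return {name: compare_answers(ref, cand) for name, (ref, cand) in samples.items()}

# First entry uses the answers quoted in the thread; the rest are constructed.
SAMPLES = {
    "cf.sjr.org.uk": (["172.67.156.230", "104.21.89.67"],
                      ["162.159.128.233", "162.159.136.232"]),
    "same.example": (["104.21.89.67"], ["104.21.89.67"]),
    "offnet.example": (["172.67.156.230"], ["192.0.2.10"]),
    "other.example": (["198.51.100.7"], ["203.0.113.9"]),
}

if __name__ == "__main__":
    for name, verdict in audit(SAMPLES).items():
        print(f"{name}: {verdict}")
```

A disjoint answer is a heuristic signal only; it says the resolver returned different addresses, not why.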
