This is duplicated one to my question in Superuser.

Akamai whoami tools can check whether a DNS resolver support EDNS-client subnet. The following result shows that 1.1.1.1 do support ECS.

[email protected] ~]$ dig +short TXT whoami.ds.akahelp.net @1.1.1.1
"ecs" "54.73.0.0/24/24"
"ip" "54.73.0.168"
"ns" "162.158.37.98"

However, according to the Cloudflare FAQ, it should not support ECS.

1.1.1.1 is a privacy centric resolver so it does not send any client IP information and does not send the EDNS Client Subnet Header to authoritative servers.

Try another tool provide by Google. It shows that 1.1.1.1 doesn’t support ECS (no any ECS information responded).

[[email protected] ~]$ dig +short TXT o-o.myaddr.l.google.com @1.1.1.1
"162.158.37.35"

So, is Akamai’s tool wrong? How can I explain the conflict?

This is expected and by design for this single Akamai testing endpoint.

Look right below the part you quoted? https://developers.cloudflare.com/1.1.1.1/faq/#does-1111-send-edns-client-subnet-header

1.1.1.1 is a privacy centric resolver so it does not send any client IP information and does not send the EDNS Client Subnet Header to authoritative servers. The exception is the single Akamai debug domain whoami.ds.akahelp.net to aid in cross-provider debugging. However, Cloudflare does not send ECS to any of Akamai’s production domains, such as akamaihd.net or similar.

You even linked to it on your superuser post haha

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.