Bug) Incorrect GSLB result for Cloudflare DNS ( 1.1.1.1 ) #132

Open
ghost opened this issue Apr 8, 2022 · 2 comments

Comments

@ghost

ghost commented Apr 8, 2022

Hello,

I think geodns doesn't work when clients are querying DNS records via 1.1.1.1 DNS.

Test results

root@localhost:~# which dig
/usr/bin/dig
root@localhost:~# dig pool.ntp.org @1.1.1.1

; <<>> DiG 9.16.1-Ubuntu <<>> pool.ntp.org @1.1.1.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34920
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;pool.ntp.org.                  IN      A

;; ANSWER SECTION:
pool.ntp.org.           133     IN      A       213.231.5.55
pool.ntp.org.           133     IN      A       200.89.75.197
pool.ntp.org.           133     IN      A       109.74.192.97
pool.ntp.org.           133     IN      A       211.233.84.186

;; Query time: 0 msec
;; SERVER: 1.1.1.1#53(1.1.1.1)
;; WHEN: Fri Apr 08 23:19:57 UTC 2022
;; MSG SIZE  rcvd: 105

root@localhost:~# ping 213.231.5.55
PING 213.231.5.55 (213.231.5.55) 56(84) bytes of data.
64 bytes from 213.231.5.55: icmp_seq=1 ttl=53 time=250 ms
64 bytes from 213.231.5.55: icmp_seq=2 ttl=53 time=250 ms
^C
--- 213.231.5.55 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 249.610/249.961/250.313/0.351 ms
root@localhost:~# ping 200.89.75.197
PING 200.89.75.197 (200.89.75.197) 56(84) bytes of data.
64 bytes from 200.89.75.197: icmp_seq=1 ttl=56 time=267 ms
^C
--- 200.89.75.197 ping statistics ---
2 packets transmitted, 1 received, 50% packet loss, time 1001ms
rtt min/avg/max/mdev = 266.621/266.621/266.621/0.000 ms
root@localhost:~# ping 109.74.192.97
PING 109.74.192.97 (109.74.192.97) 56(84) bytes of data.
64 bytes from 109.74.192.97: icmp_seq=1 ttl=55 time=236 ms
^C
--- 109.74.192.97 ping statistics ---
2 packets transmitted, 1 received, 50% packet loss, time 1002ms
rtt min/avg/max/mdev = 236.298/236.298/236.298/0.000 ms
root@localhost:~# ping 211.233.84.186
PING 211.233.84.186 (211.233.84.186) 56(84) bytes of data.
64 bytes from 211.233.84.186: icmp_seq=1 ttl=54 time=33.3 ms
64 bytes from 211.233.84.186: icmp_seq=2 ttl=54 time=33.2 ms
^C
--- 211.233.84.186 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1002ms
rtt min/avg/max/mdev = 33.228/33.249/33.270/0.021 ms
root@localhost:~# dig pool.ntp.org

; <<>> DiG 9.16.1-Ubuntu <<>> pool.ntp.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32438
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;pool.ntp.org.                  IN      A

;; ANSWER SECTION:
pool.ntp.org.           75      IN      A       162.159.200.1
pool.ntp.org.           75      IN      A       203.112.25.169
pool.ntp.org.           75      IN      A       194.0.5.123
pool.ntp.org.           75      IN      A       133.243.238.163

;; Query time: 7 msec
;; SERVER: 127.0.0.53#53(127.0.0.53)
;; WHEN: Fri Apr 08 23:21:08 UTC 2022
;; MSG SIZE  rcvd: 105

Querying from a Japan region server would return incorrect answers when the records are returned by 1.1.1.1, while it just works normally with the default DNS server provided by the ISP.

@abh
Owner

abh commented Apr 9, 2022

Sounds like an issue with the GeoIP data or one of the particular installations, not really the geodns software. (So maybe better for community.ntppool.org). But all the same:

Cloudflare doesn't support EDNS-CLIENT-SUBNET, so we'll use the geoip data/location of their DNS server.

Can you do a query for dig -t txt _country.pool.ntp.org (maybe do a couple, they might have different results)?

@ghost
Author

ghost commented Apr 9, 2022

ubuntu@ubuntu:~$ dig -t txt _country.pool.ntp.org @1.1.1.1

; <<>> DiG 9.16.1-Ubuntu <<>> -t txt _country.pool.ntp.org @1.1.1.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39059
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;_country.pool.ntp.org.         IN      TXT

;; ANSWER SECTION:
_country.pool.ntp.org.  1       IN      TXT     "[2400:cb00:382:1024::ac46:79a3]:47772" "2400:cb00:382:1024::ac46:79a3" "jp asia @" "/0" "nue2" "178.63.120.205" "()"

;; Query time: 247 msec
;; SERVER: 1.1.1.1#53(1.1.1.1)
;; WHEN: Sat Apr 09 16:20:45 JST 2022
;; MSG SIZE  rcvd: 166

ubuntu@ubuntu:~$ dig -t txt _country.pool.ntp.org

; <<>> DiG 9.16.1-Ubuntu <<>> -t txt _country.pool.ntp.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10100
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;_country.pool.ntp.org.         IN      TXT

;; ANSWER SECTION:
_country.pool.ntp.org.  5       IN      TXT     "<redacted>" "<redacted>" "jp asia @" "/0" "147.75.94.227" "147.75.94.227" "()"

;; Query time: 7 msec
;; SERVER: 127.0.0.53#53(127.0.0.53)
;; WHEN: Sat Apr 09 16:20:55 JST 2022
;; MSG SIZE  rcvd: 140

@abh Sure, here is the result
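A small parser for the `_country.pool.ntp.org` debug answers quoted above, added here as an example; it is not code from geodns or the NTP Pool project. The seven-field layout it assumes (query source with port, address handed to GeoIP, targeting labels, ECS netmask, server id, server address, groups) is inferred from the two answers in this thread, as are the sample inputs. It makes abh's point checkable: a "/0" netmask means no EDNS-CLIENT-SUBNET arrived, so the address that was geolocated is the resolver's own (Cloudflare's 2400:cb00:: address here), which GeoIP still maps to "jp asia", so the targeting step itself agrees between both resolvers.

```python
import re
from dataclasses import dataclass

# Constructed inputs: the two TXT rdata strings as dig printed them in this thread.
VIA_CLOUDFLARE = ('"[2400:cb00:382:1024::ac46:79a3]:47772" "2400:cb00:382:1024::ac46:79a3" '
                  '"jp asia @" "/0" "nue2" "178.63.120.205" "()"')
VIA_ISP = '"<redacted>" "<redacted>" "jp asia @" "/0" "147.75.94.227" "147.75.94.227" "()"'

_QUOTED = re.compile(r'"((?:[^"\\]|\\.)*)"')  # one double-quoted TXT character-string

@dataclass
class CountryRecord:
    remote_addr: str   # query source as geodns saw it (the resolver), with port
    target_ip: str     # address fed to GeoIP: the ECS subnet if sent, else the resolver
    targets: list      # targeting labels in preference order, e.g. ["jp", "asia", "@"]
    ecs_netmask: int   # 0 means no EDNS-CLIENT-SUBNET option reached geodns
    server_id: str
    server_ip: str
    groups: str

def split_txt(rdata: str) -> list:
    """Split dig's TXT presentation format into its character-strings."""
    return [m.group(1).replace('\\"', '"') for m in _QUOTED.finditer(rdata)]

def strip_port(addr: str) -> str:
    """'[v6]:port' -> 'v6'; 'v4:port' -> 'v4'; anything else is returned unchanged."""
    if addr.startswith("[") and "]" in addr:
        return addr[1:addr.index("]")]
    host, sep, port = addr.rpartition(":")
    return host if sep and port.isdigit() else addr

def parse_country_txt(rdata: str) -> CountryRecord:
    """Field layout is an assumption read off the two answers in this thread."""
    f = split_txt(rdata)
    if len(f) != 7 or not f[3].startswith("/") or not f[3][1:].isdigit():
        raise ValueError(f"unexpected _country TXT layout: {f!r}")
    return CountryRecord(f[0], f[1], f[2].split(), int(f[3][1:]), f[4], f[5], f[6])

def diagnose(rec: CountryRecord) -> dict:
    """Report which address drove the GeoIP decision and what it resolved to."""
    ecs = rec.ecs_netmask > 0
    return {
        "ecs_present": ecs,
        "located_by": "client subnet" if ecs else "resolver address",
        "resolver_is_target": strip_port(rec.remote_addr) == rec.target_ip,
        "country": rec.targets[0] if rec.targets and rec.targets[0] != "@" else None,
        "served_by": rec.server_id,
    }
```

Running `diagnose(parse_country_txt(VIA_CLOUDFLARE))` reports the resolver address as the located one with country "jp", so the wrong pool members in the first dig output come from the zone data behind the "jp" target rather than from the GeoIP lookup.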
