[GH-ISSUE #132] Bug) Incorrect GSLB result for Cloudflare DNS ( 1.1.1.1 ) #380

Open
opened 2026-03-13 14:49:25 +03:00 by kerem · 2 comments

Originally created by @ghost on GitHub (Apr 8, 2022).
Original GitHub issue: https://github.com/abh/geodns/issues/132

Hello,

I think geodns doesn't work when clients are querying DNS records via `1.1.1.1` DNS.

Test results

```
root@localhost:~# which dig
/usr/bin/dig
root@localhost:~# dig pool.ntp.org @1.1.1.1

; <<>> DiG 9.16.1-Ubuntu <<>> pool.ntp.org @1.1.1.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34920
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;pool.ntp.org.                  IN      A

;; ANSWER SECTION:
pool.ntp.org.           133     IN      A       213.231.5.55
pool.ntp.org.           133     IN      A       200.89.75.197
pool.ntp.org.           133     IN      A       109.74.192.97
pool.ntp.org.           133     IN      A       211.233.84.186

;; Query time: 0 msec
;; SERVER: 1.1.1.1#53(1.1.1.1)
;; WHEN: Fri Apr 08 23:19:57 UTC 2022
;; MSG SIZE  rcvd: 105

root@localhost:~# ping 213.231.5.55
PING 213.231.5.55 (213.231.5.55) 56(84) bytes of data.
64 bytes from 213.231.5.55: icmp_seq=1 ttl=53 time=250 ms
64 bytes from 213.231.5.55: icmp_seq=2 ttl=53 time=250 ms
^C
--- 213.231.5.55 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 249.610/249.961/250.313/0.351 ms
root@localhost:~# ping 200.89.75.197
PING 200.89.75.197 (200.89.75.197) 56(84) bytes of data.
64 bytes from 200.89.75.197: icmp_seq=1 ttl=56 time=267 ms
^C
--- 200.89.75.197 ping statistics ---
2 packets transmitted, 1 received, 50% packet loss, time 1001ms
rtt min/avg/max/mdev = 266.621/266.621/266.621/0.000 ms
root@localhost:~# ping 109.74.192.97
PING 109.74.192.97 (109.74.192.97) 56(84) bytes of data.
64 bytes from 109.74.192.97: icmp_seq=1 ttl=55 time=236 ms
^C
--- 109.74.192.97 ping statistics ---
2 packets transmitted, 1 received, 50% packet loss, time 1002ms
rtt min/avg/max/mdev = 236.298/236.298/236.298/0.000 ms
root@localhost:~# ping 211.233.84.186
PING 211.233.84.186 (211.233.84.186) 56(84) bytes of data.
64 bytes from 211.233.84.186: icmp_seq=1 ttl=54 time=33.3 ms
64 bytes from 211.233.84.186: icmp_seq=2 ttl=54 time=33.2 ms
^C
--- 211.233.84.186 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1002ms
rtt min/avg/max/mdev = 33.228/33.249/33.270/0.021 ms
root@localhost:~# dig pool.ntp.org

; <<>> DiG 9.16.1-Ubuntu <<>> pool.ntp.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32438
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;pool.ntp.org.                  IN      A

;; ANSWER SECTION:
pool.ntp.org.           75      IN      A       162.159.200.1
pool.ntp.org.           75      IN      A       203.112.25.169
pool.ntp.org.           75      IN      A       194.0.5.123
pool.ntp.org.           75      IN      A       133.243.238.163

;; Query time: 7 msec
;; SERVER: 127.0.0.53#53(127.0.0.53)
;; WHEN: Fri Apr 08 23:21:08 UTC 2022
;; MSG SIZE  rcvd: 105
```

Querying from a Japan region server would return incorrect answers when the records are returned by `1.1.1.1`, while it just works normally with the default DNS server provided by the ISP.


@abh commented on GitHub (Apr 9, 2022):

Sounds like an issue with the GeoIP data or one of the particular installations, not really the geodns software. (So maybe better for community.ntppool.org). But all the same:

Cloudflare doesn't support EDNS-CLIENT-SUBNET, so we'll use the geoip data/location of their DNS server.

Can you do a query for `dig -t txt _country.pool.ntp.org` (maybe do a couple, they might have different results)?
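The fallback described in the comment above, as an added example that is not part of the thread and is not geodns's own code: it walks the EDNS0 options of a query and returns the prefix a geo-aware authoritative server would geolocate, which is the EDNS Client Subnet prefix when the resolver sends one and the resolver's own address otherwise. `GeoLookupAddr` and the sample values are hypothetical, and the addresses are constructed from documentation ranges.

```go
package main

import (
	"encoding/binary"
	"fmt"
	"net/netip"
)

const optClientSubnet = 8 // EDNS0 option code for Client Subnet (RFC 7871)

// Constructed sample inputs (documentation ranges, not taken from the issue).
var (
	sampleResolver = netip.MustParseAddr("2001:db8::53")
	sampleECS      = []byte{0, 8, 0, 7, 0, 1, 24, 0, 203, 0, 113} // 203.0.113.0/24
)

// GeoLookupAddr (hypothetical name) walks the options in an OPT record's
// RDATA. It returns the ECS prefix and true when a usable one is present,
// otherwise the resolver's source address as a host prefix and false.
func GeoLookupAddr(optRdata []byte, resolver netip.Addr) (netip.Prefix, bool) {
	for len(optRdata) >= 4 {
		code := binary.BigEndian.Uint16(optRdata[0:2])
		n := int(binary.BigEndian.Uint16(optRdata[2:4]))
		if len(optRdata) < 4+n {
			break // truncated option: stop and fall back to the resolver
		}
		data := optRdata[4 : 4+n]
		optRdata = optRdata[4+n:]
		if code != optClientSubnet || n < 4 {
			continue
		}
		family, bits := binary.BigEndian.Uint16(data[0:2]), int(data[2])
		size := map[uint16]int{1: 4, 2: 16}[family] // 1 = IPv4, 2 = IPv6
		if size == 0 || bits == 0 || bits > size*8 || len(data)-4 > size {
			continue // unknown family, /0 opt-out, or malformed prefix
		}
		buf := make([]byte, size)
		copy(buf, data[4:]) // wire address is truncated to the prefix length
		addr, _ := netip.AddrFromSlice(buf)
		if p, err := addr.Prefix(bits); err == nil {
			return p, true
		}
	}
	return netip.PrefixFrom(resolver, resolver.BitLen()), false
}

func main() {
	fmt.Println(GeoLookupAddr(sampleECS, sampleResolver)) // 203.0.113.0/24 true
	fmt.Println(GeoLookupAddr(nil, sampleResolver))       // 2001:db8::53/128 false
}
```
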


@ghost commented on GitHub (Apr 9, 2022):

```
ubuntu@ubuntu:~$ dig -t txt _country.pool.ntp.org @1.1.1.1

; <<>> DiG 9.16.1-Ubuntu <<>> -t txt _country.pool.ntp.org @1.1.1.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39059
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;_country.pool.ntp.org.         IN      TXT

;; ANSWER SECTION:
_country.pool.ntp.org.  1       IN      TXT     "[2400:cb00:382:1024::ac46:79a3]:47772" "2400:cb00:382:1024::ac46:79a3" "jp asia @" "/0" "nue2" "178.63.120.205" "()"

;; Query time: 247 msec
;; SERVER: 1.1.1.1#53(1.1.1.1)
;; WHEN: Sat Apr 09 16:20:45 JST 2022
;; MSG SIZE  rcvd: 166

ubuntu@ubuntu:~$ dig -t txt _country.pool.ntp.org

; <<>> DiG 9.16.1-Ubuntu <<>> -t txt _country.pool.ntp.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10100
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;_country.pool.ntp.org.         IN      TXT

;; ANSWER SECTION:
_country.pool.ntp.org.  5       IN      TXT     "<redacted>" "<redacted>" "jp asia @" "/0" "147.75.94.227" "147.75.94.227" "()"

;; Query time: 7 msec
;; SERVER: 127.0.0.53#53(127.0.0.53)
;; WHEN: Sat Apr 09 16:20:55 JST 2022
;; MSG SIZE  rcvd: 140
```

@abh Sure, here is the result
