Different result from DNS query in different regions

NOT really a pihole problem, but an explanation would be useful...

On my system, in Belgium, a DNS query to dns.nextdns.io (a DOH server) returns the result:

nslookup dns.nextdns.io
Server:         127.0.0.1
Address:        127.0.0.1#53
Non-authoritative answer:
dns.nextdns.io  canonical name = steering.nextdns.io.
Name:   steering.nextdns.io
Address: 194.110.115.97
Name:   steering.nextdns.io
Address: 45.128.133.120

A quick check of the unbound log (used as recursive resolver) shows unbound uses ns1.nextdns.io and ns2.nextdns.io.

On my system:
ns1.nextdns.io -> 45.90.28.1
ns2.nextdns.io -> 45.90.30.1

A more specific nslookup (nslookup dns.nextdns.io 45.90.28.1), thus using ns1.nextdns.io, returns the identical result.

nslookup dns.nextdns.io 45.90.28.1
Server:         45.90.28.1
Address:        45.90.28.1#53

Non-authoritative answer:
dns.nextdns.io  canonical name = steering.nextdns.io.
Name:   steering.nextdns.io
Address: 45.128.133.120
Name:   steering.nextdns.io
Address: 194.110.115.97

HOWEVER

The user (located in Switzerland) who reported this problem (using my DOH blocklist) gets different results for the more specific queries (same result on both nameservers, but different from my result):

nslookup dns.nextdns.io 45.90.28.1
Server:		45.90.28.1
Address:	45.90.28.1#53

Non-authoritative answer:
dns.nextdns.io	canonical name = steering.nextdns.io.
Name:	steering.nextdns.io
Address: 178.255.153.47
Name:	steering.nextdns.io
Address: 159.100.248.193

What am I (are we) missing, that would explain this difference?

Thank you for your time and effort.

Maybe something like this

I think NextDNS also provide some good explanation themselves:

@yubiuser, @Bucking_Horn

I get the picture, makes sense to do this, decrease the response time (simplified interpretation).

Follow-up question: Is it even possible to get a list of all the IPs providing the same service in the different locations, using the commonly available tools on, for example, a Debian system?

I don't know :man_shrugging:

Why do you need that information?

As mentioned earlier, I maintain a consolidated IPv4 and IPv6 DOH block list, for use on a firewall, explained in this doc. The list now contains the IP address for dns.nextdns.io, but since it only contains the IPs for my region, this DOH server will not be blocked in other regions. There may be others, using the same technique.
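The regional gap described in this thread, as an added example that is not from any of the posters: it parses nslookup output collected at several vantage points, drops the resolver's own `ip#port` line, and reports which addresses a single-region list lacks. The region labels `BE`/`CH` and all function names are assumptions; the merged list only covers the vantage points you have output from.

```python
import ipaddress
import re
# Sample input copied from this thread: "nslookup dns.nextdns.io 45.90.28.1" per region.
BELGIUM = """Server:         45.90.28.1
Address:        45.90.28.1#53

Non-authoritative answer:
dns.nextdns.io  canonical name = steering.nextdns.io.
Name:   steering.nextdns.io
Address: 45.128.133.120
Name:   steering.nextdns.io
Address: 194.110.115.97
"""
SWITZERLAND = """Server:\t\t45.90.28.1
Address:\t45.90.28.1#53

Non-authoritative answer:
dns.nextdns.io\tcanonical name = steering.nextdns.io.
Name:\tsteering.nextdns.io
Address: 178.255.153.47
Name:\tsteering.nextdns.io
Address: 159.100.248.193
"""

def answer_addresses(nslookup_output):
    """Return answer IPs; the resolver's own "ip#port" line is skipped."""
    found = set()
    for match in re.finditer(r"^Address(?:es)?:\s*(\S+)", nslookup_output, re.M):
        try:
            found.add(ipaddress.ip_address(match.group(1)))
        except ValueError:
            continue  # "45.90.28.1#53" is the server queried, not an answer
    return found

def merge_regions(outputs):
    """Map every answer address to the set of regions that returned it."""
    seen = {}
    for region, text in outputs.items():
        for ip in answer_addresses(text):
            seen.setdefault(ip, set()).add(region)
    return seen

def addresses(seen, not_in=None):
    """Sorted merged list, or only what a list built from `not_in` lacks."""
    picked = (ip for ip, regions in seen.items() if not_in not in regions)
    return [str(ip) for ip in sorted(picked, key=lambda a: (a.version, int(a)))]

if __name__ == "__main__":
    print(addresses(merge_regions({"BE": BELGIUM, "CH": SWITZERLAND}), not_in="BE"))
```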
