zlacker

[parent] [thread] 5 comments
1. _akoy+(OP)[view] [source] 2021-09-11 20:15:17
It's important to remember, at least for corporate environments, that EDNS Client Subnet is important when working with services such as Exchange Online where the local resolver is what determines your EXO Front Door. If you're using a service like 1.1.1.1, you may be routed to an incorrect Front Door causing increased latency (primarily with search and archive mailboxes which aren't cached).

Quad9 does have a service which provides EDNS Client Subnet support, should you want to leverage it.

replies(2): >>beezis+y1 >>dknech+y2
2. beezis+y1[view] [source] 2021-09-11 20:24:32
>>_akoy+(OP)
I have Quad9's DNSCrypt configured with ECS on my Pi-Hole and it returns the IPs for archive.is and archive.today. Just tested it.
3. dknech+y2[view] [source] 2021-09-11 20:31:03
>>_akoy+(OP)
Cloudflare has worked providers to make sure they can efficiently route. If you find case where this isn’t the case please let us know.
replies(1): >>Comput+E9
◧◩
4. Comput+E9[view] [source] [discussion] 2021-09-11 21:11:51
>>dknech+y2
Cloudflare DNS does not route efficiently with AWS CloudFront anycast DNS. I tracked down insanely slow `rustup update` downloads to incorrect selection of ideal routes to the AWS resources caused by using CF to resolve the DNS. Switching to a different resolver that works with anycast and EDNS fixed it.

CF saying “we break standard DNS geo routing but work with providers to route things right” isn’t very inspiring.

replies(1): >>elithr+ff
◧◩◪
5. elithr+ff[view] [source] [discussion] 2021-09-11 21:53:32
>>Comput+E9
> Cloudflare DNS does not route efficiently with AWS CloudFront anycast DNS. I tracked down insanely slow `rustup update` downloads to incorrect selection of ideal routes to the AWS resources caused by using CF to resolve the DNS.

Please send me details (silverlock at cloudflare) here - AWS has our geofeed.

If you can include resolution details - e.g. dig @1.1.1.1 <cloudfront-host> +nsid - with the incorrect CF results, we can provide them to AWS.

Folks did geo-routing with DNS long before ECS was included, and there’s a privacy trade-off to be had. We’re exploring ways to make this better but there is no free lunch.

replies(1): >>Comput+4w
◧◩◪◨
6. Comput+4w[view] [source] [discussion] 2021-09-12 00:29:14
>>elithr+ff
Thanks for providing your info. I stopped using CF for resolution because of this almost two years ago; I don’t have a reason to think the situation changed but if I get a chance I can try to reproduce it and get back to you.
[go to top]