whoami.akamai.net and public DNS node replies

Anurag Bhatia me at anuragbhatia.com
Mon Apr 2 20:36:34 UTC 2018 

Hello everyone,



Anyone using whoami.akamai.net? I have used it quite a while especially
with large anycast players because they tend to have customer facing
(anycast) IPs and internet facing unicast IPs to reach to outside world.
Thus for say 8.8.8.8 while query may be local to my country (India), I saw
that Google was using unicast IP from their Singapore location (as per IPs
published here <https://developers.google.com/speed/public-dns/faq> in
their FAQ).

dig @8.8.8.8 whoami.akamai.net used to give that IP.


>From last few weeks, I see results are pretty inconsistent and just makes
no sense whatsoever.


E.g 5 consecutive queries to 8.8.8.8 asking whoami.akamai.net where Akamai
should return me IP of recursor from where query came:

dig @8.8.8.8 whoami.akamai.net a +short
103.252.111.59

dig @8.8.8.8 whoami.akamai.net a +short
118.185.164.42

dig @8.8.8.8 whoami.akamai.net a +short
118.185.164.42

dig @8.8.8.8 whoami.akamai.net a +short
14.139.241.214

dig @8.8.8.8 whoami.akamai.net a +short
103.252.111.59





This does not make sense since none of those unicast IPs belongs to Google.
I see similar result for any other open DNS service like Cisco's OpenDNS:

dig @208.67.222.222 whoami.akamai.net a +short
14.139.240.146

dig @208.67.222.222 whoami.akamai.net a +short
103.252.111.156

dig @208.67.222.222 whoami.akamai.net a +short
14.139.240.157

dig @208.67.222.222 whoami.akamai.net a +short
14.139.240.157




Is anyone aware of any issues in the way whoami.akamai.net works?

dig +trace whoami.akamai.net gives me back my unicast IP which is logical
considering fact that +trace tends to use local DNS recursor within the
machine. This gives an impression that probably TTL is too high and
recursors are caching reply which they are not supposed to. But at the same
time, I do not see the logic of getting non-Google IPs when querying via
8.8.8.8.


;; QUESTION SECTION:
;whoami.akamai.net. IN A

;; ANSWER SECTION:
whoami.akamai.net. 180 IN A 103.252.111.173



I think in past TTL used to be very low to avoid caching for it.



Anyone with ideas on what's going on?





-- 


Anurag Bhatia
anuragbhatia.com

More information about the NANOG mailing list