ACT Fibernet is routing 1.1.1.1 to its own servers in Bangalore

  • Thread starter: madh123
One example is the speedof.me speedtest site. On Airtel, changing DNS to 1.1.1.1 has no effect on this site; it still goes to an Indian server as expected. But on ACT it is going to US New York. The same issue occurs with some other sites. If anycast is enabled and EDNS is working on 1.1.1.1, it should redirect it to the nearest server. I don't think the US is the nearest server; these guys have servers all over the world, and on Airtel it is in fact reaching out to an Indian server for the speedtest.
Download: 2.06 Mbps
Upload: 7.08 Mbps
Latency: 224 ms
Jitter: 240 ms
Test Server: NewYork 1
IP: Removed
Hostname: broadband.actcorp.in

Good point. Let's investigate with the same Speedof.me website. It uses cdn.speedof.me as the alias for all speedtests, so we will use that for reference.

ISP : ACT
Resolver : 1.1.1.1

Resolved addresses :
nslookup cdn.speedof.me 1.1.1.1
Code:
Server:  one.one.one.one
Address:  1.1.1.1

Non-authoritative answer:
Name:    s2.gs1.wpc.alphacdn.net
Addresses:  2606:2800:11f:bb5:f27:227f:1bbf:a0e
          72.21.81.189
Aliases:  cdn.speedof.me
          cdn.wpc.75c3.gammacdn.net

Traceroute of resolved address :
tracert 72.21.81.189
Code:
Tracing route to 72.21.81.189 over a maximum of 30 hops

  1    <1 ms    <1 ms    <1 ms  192.168.1.150
  2    61 ms     2 ms     1 ms  BglBRAS.acttv.in
  3     2 ms     2 ms     2 ms  broadband.actcorp.in [103.16.203.186]
  4     2 ms     2 ms     2 ms  broadband.actcorp.in [103.16.203.97]
  5     2 ms     2 ms     2 ms  219.65.111.125.STATIC-Chennai.vsnl.net.in [219.65.111.125]
  6     2 ms     2 ms     2 ms  172.31.167.57
  7    21 ms    21 ms    21 ms  172.31.29.245
  8   218 ms   221 ms   218 ms  ix-ae-1-602.tcore3.njy-newark.as6453.net [66.198.70.9]
  9   278 ms   303 ms   301 ms  if-ae-1-3.tcore4.njy-newark.as6453.net [216.6.57.6]
 10   222 ms   221 ms   227 ms  if-ae-11-14.tcore2.nto-new-york.as6453.net [63.243.186.5]
 11   213 ms   227 ms   229 ms  if-ae-12-2.tcore1.n75-new-york.as6453.net [66.110.96.5]
 12   234 ms   234 ms   249 ms  66.110.96.61
 13   232 ms   231 ms   216 ms  152.195.68.139
 14   220 ms   225 ms   226 ms  72.21.81.189

Trace complete.

Indeed, the resolved address from 1.1.1.1 is located in New York, which corresponds to your speed test result/location while using ACT Fibernet.

===================================================

ISP : Airtel
Resolver : 1.1.1.1

Resolved addresses :
nslookup cdn.speedof.me 1.1.1.1
Code:
Server:  one.one.one.one
Address:  1.1.1.1

Non-authoritative answer:
Name:    s2.gs1.wpc.alphacdn.net
Addresses:  2606:2800:10c:1d4d:734:abf:1d16:1174
          68.232.45.189
Aliases:  cdn.speedof.me
          cdn.wpc.75c3.gammacdn.net

Traceroute of resolved address :
tracert 68.232.45.189
Code:
Tracing route to 68.232.45.189 over a maximum of 30 hops

  1    <1 ms    <1 ms    <1 ms  192.168.1.150
  2     5 ms     5 ms     5 ms  abts-tn-static.airtelbroadband.in
  3     *        *        *     Request timed out.
  4     5 ms     5 ms     5 ms  61.95.240.129
  5     6 ms     6 ms     6 ms  182.79.208.16
  6     7 ms    26 ms     6 ms  182.79.164.113
  7     6 ms     6 ms     5 ms  68.232.45.189

Trace complete.

Indeed, the resolved address from 1.1.1.1 is now located in Chennai, while using Airtel (VDSL).

===========================

TL;DR:
ACT 1.1.1.1 result : 72.21.81.189 (New York) (this result is bad)
Airtel 1.1.1.1 result : 68.232.45.189 (Chennai) (this result is good)

Now, coming back on topic: does this mean ACT is intercepting 1.1.1.1 DNS queries and inserting malicious addresses that point to somewhere ridiculous like the USA? Unlikely.

Why? Because the result is the same even when you use DNSCrypt or DoH and make sure it is indeed Cloudflare responding and not something malicious.

Second of all, let's repeat one of these tests on ACT, but using 8.8.8.8 instead of 1.1.1.1 for the same cdn.speedof.me, and see what happens.

ISP : ACT
Resolver : 8.8.8.8

Resolved addresses :
nslookup cdn.speedof.me 8.8.8.8

Code:
Server:  google-public-dns-a.google.com
Address:  8.8.8.8

Non-authoritative answer:
Name:    s2.gs1.wpc.alphacdn.net
Addresses:  2606:2800:10c:1d4d:734:abf:1d16:1174
          68.232.45.189
Aliases:  cdn.speedof.me
          cdn.wpc.75c3.gammacdn.net

Traceroute of resolved address :
tracert 68.232.45.189
Code:
Tracing route to 68.232.45.189 over a maximum of 30 hops

  1    <1 ms    <1 ms    <1 ms  192.168.1.150
  2     1 ms     1 ms     1 ms  BglBRAS.acttv.in
  3     5 ms     2 ms     1 ms  broadband.actcorp.in [103.16.203.186]
  4     2 ms     1 ms     2 ms  broadband.actcorp.in [103.16.203.97]
  5     1 ms     1 ms     1 ms  219.65.111.125.STATIC-Chennai.vsnl.net.in [219.65.111.125]
  6     1 ms     1 ms     2 ms  172.31.167.57
  7     9 ms    12 ms     2 ms  172.31.167.46
  8     3 ms     3 ms     3 ms  115.112.8.94.STATIC-Chennai.vsnl.net.in [115.112.8.94]
  9     2 ms     2 ms     2 ms  68.232.45.189

Trace complete.

Now, the resolved address is correct while using 8.8.8.8.

TL;DR AGAIN (SORRY!)

ACT isn't intercepting anything.

Likewise, if you use 1.1.1.1, sometimes Google services (i.e. Search, YouTube, etc.) also take a wild ride to the USA, based on latencies I've tested in the past, but they usually go back and forth between 2 ms and 200 ms just like the test here.

Whose fault do I think it is? It's probably Cloudflare, who's responding with incorrect location data at hand. Something is wrong somewhere and only they will know how.
 
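The traceroute comparison made in the post above, as an added example (not code from the thread): it parses Windows tracert output and reports the first hop where the median round-trip time jumps, which is where the path leaves the region. The hop lines are copied from two of the traces in the post; the function names and the 100 ms threshold are assumptions.

```python
import re
from statistics import median
# Hop lines copied from the thread (Windows tracert format).
ACT_VIA_1111 = """\
  1    <1 ms    <1 ms    <1 ms  192.168.1.150
  2    61 ms     2 ms     1 ms  BglBRAS.acttv.in
  3     2 ms     2 ms     2 ms  broadband.actcorp.in [103.16.203.186]
  4     2 ms     2 ms     2 ms  broadband.actcorp.in [103.16.203.97]
  5     2 ms     2 ms     2 ms  219.65.111.125.STATIC-Chennai.vsnl.net.in [219.65.111.125]
  6     2 ms     2 ms     2 ms  172.31.167.57
  7    21 ms    21 ms    21 ms  172.31.29.245
  8   218 ms   221 ms   218 ms  ix-ae-1-602.tcore3.njy-newark.as6453.net [66.198.70.9]
  9   278 ms   303 ms   301 ms  if-ae-1-3.tcore4.njy-newark.as6453.net [216.6.57.6]
 10   222 ms   221 ms   227 ms  if-ae-11-14.tcore2.nto-new-york.as6453.net [63.243.186.5]
 11   213 ms   227 ms   229 ms  if-ae-12-2.tcore1.n75-new-york.as6453.net [66.110.96.5]
 12   234 ms   234 ms   249 ms  66.110.96.61
 13   232 ms   231 ms   216 ms  152.195.68.139
 14   220 ms   225 ms   226 ms  72.21.81.189
"""
AIRTEL_VIA_1111 = """\
  1    <1 ms    <1 ms    <1 ms  192.168.1.150
  2     5 ms     5 ms     5 ms  abts-tn-static.airtelbroadband.in
  3     *        *        *     Request timed out.
  4     5 ms     5 ms     5 ms  61.95.240.129
  5     6 ms     6 ms     6 ms  182.79.208.16
  6     7 ms    26 ms     6 ms  182.79.164.113
  7     6 ms     6 ms     5 ms  68.232.45.189
"""
# hop number, three probes ("<1 ms", "21 ms" or "*"), then the host column
HOP = re.compile(r"^\s*(\d+)\s+((?:(?:<?\d+ ms|\*)\s+){3})(.+?)\s*$")

def parse_tracert(text):
    """Return [(hop, median_rtt_ms or None, host)]; None means all probes timed out."""
    hops = []
    for line in text.splitlines():
        m = HOP.match(line)
        if m:
            rtts = [int(x) for x in re.findall(r"<?(\d+) ms", m.group(2))]
            hops.append((int(m.group(1)), median(rtts) if rtts else None, m.group(3)))
    return hops

def first_latency_jump(hops, threshold_ms=100):
    """First hop whose median RTT exceeds the previous answered hop by threshold_ms (assumed cut-off)."""
    prev = None
    for hop, rtt, host in hops:
        if rtt is not None:
            if prev is not None and rtt - prev >= threshold_ms:
                return hop, host
            prev = rtt
    return None
```

Using the median of the three probes keeps a single slow reply, such as the 61 ms probe at hop 2, from being reported as a jump.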
If it is Cloudflare, then is it possible for someone from this forum to respond to my thread on the Cloudflare community? Because Cloudflare said they cannot do anything if the ISP is routing it badly. I have included the Cloudflare thread in this post. As Cloudflare is not resolving it correctly, I stopped using the Cloudflare resolver and started using OpenDNS again.
 
Even Hotstar (Akamai CDN) is having issues with 1.1.1.1 on ACT; it is going to US servers instead of an Indian server. But on Airtel it goes either to Singapore or India. What I suspect is that ACT is routing 1.1.1.1 traffic on its own, by intercepting it, instead of passing it on to Cloudflare. Usually Cloudflare routes it to Singapore if not to India, as I noticed on Airtel.

Initially, when Cloudflare was launched, it was one of the fastest DNS servers, and even on ACT it was working very well. I started noticing issues on ACT Fibernet with 1.1.1.1 when Cloudflare announced they are working on securing HTTPS ESNI responses, with Firefox providing support for the same. Usually ISPs use these responses to block HTTPS sites by intercepting the Server Name Indication. Cloudflare is the only provider who supports this currently, using TRR (Trusted Recursive Resolver).
 
This is Hotstar's CDN

ID: 7Z9G9B
Date: Wed, 20 Feb 2019 18:07:02 UTC
DNS IP: 172.68.166.197 (US) (AS0 Unknown)
Client IP: 106.51.29.89 (IN) (AS24309 Atria Convergence Technologies Pvt. Ltd. Broadband Internet Service Provider INDIA)
Protocol: HTTP/1.1
User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.109 Safari/537.36
Cookies: yes
 
Airtel's response for Hotstar with 1.1.1.1

ID: 6A6Y2U
Date: Wed, 20 Feb 2019 18:10:55 UTC
DNS IP: 162.158.53.197 (IN) (AS13335 Cloudflare, Inc.)
Client IP: 223.186.40.49 (IN) (AS45609 Bharti Airtel Ltd. AS for GPRS Service)
Protocol: HTTP/1.1
User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.109 Safari/537.36
Cookies: yes
 
Clearly it shows a routing issue is present with ACT, as instead of passing traffic to Cloudflare's Indian AS number it is passing it to AS 0, which does not exist. Even if you are using DoH, I think if it is a routing issue DoH does not address it.
 
