One example is speedof.me speedtest site. On Airtel ISP changing DNS to 1.1.1.1 has no effect on this site it still goes to Indian server as expected. But on ACT it is going to US new york. Same is the issue with some other sites. If anycast is enabled and EDNS is working on 1.1.1.1 it should redirect it to nearest server I dont think US is nearest server these guys have servers all over the world and on Airtel it is infact reaching out to Indian server for speedtest.
Download: 2.06 Mbps
Upload: 7.08 Mbps
Latency: 224 ms
Jitter: 240 ms
Test Server: NewYork 1
IP: Removed
Hostname: broadband.actcorp.in
Good point. Let's investigate - with same Speedof.me website. It uses
cdn.speedof.me
as the alias for all speedtests so we will use that for reference.ISP : ACT
Resolver : 1.1.1.1
Resolved addresses :
nslookup cdn.speedof.me 1.1.1.1
Code:
Server: one.one.one.one
Address: 1.1.1.1
Non-authoritative answer:
Name: s2.gs1.wpc.alphacdn.net
Addresses: 2606:2800:11f:bb5:f27:227f:1bbf:a0e
72.21.81.189
Aliases: cdn.speedof.me
cdn.wpc.75c3.gammacdn.net
Traceroute of resolved address :
tracert 72.21.81.189
Code:
Tracing route to 72.21.81.189 over a maximum of 30 hops
1 <1 ms <1 ms <1 ms 192.168.1.150
2 61 ms 2 ms 1 ms BglBRAS.acttv.in
3 2 ms 2 ms 2 ms broadband.actcorp.in [103.16.203.186]
4 2 ms 2 ms 2 ms broadband.actcorp.in [103.16.203.97]
5 2 ms 2 ms 2 ms 219.65.111.125.STATIC-Chennai.vsnl.net.in [219.65.111.125]
6 2 ms 2 ms 2 ms 172.31.167.57
7 21 ms 21 ms 21 ms 172.31.29.245
8 218 ms 221 ms 218 ms ix-ae-1-602.tcore3.njy-newark.as6453.net [66.198.70.9]
9 278 ms 303 ms 301 ms if-ae-1-3.tcore4.njy-newark.as6453.net [216.6.57.6]
10 222 ms 221 ms 227 ms if-ae-11-14.tcore2.nto-new-york.as6453.net [63.243.186.5]
11 213 ms 227 ms 229 ms if-ae-12-2.tcore1.n75-new-york.as6453.net [66.110.96.5]
12 234 ms 234 ms 249 ms 66.110.96.61
13 232 ms 231 ms 216 ms 152.195.68.139
14 220 ms 225 ms 226 ms 72.21.81.189
Trace complete.
Indeed, the resolved address from
1.1.1.1
is located in New York, which corresponds to your speed test result/location while using ACT Fibernet.===================================================
ISP : Airtel
Resolver : 1.1.1.1
Resolved addresses :
nslookup cdn.speedof.me 1.1.1.1
Code:
Server: one.one.one.one
Address: 1.1.1.1
Non-authoritative answer:
Name: s2.gs1.wpc.alphacdn.net
Addresses: 2606:2800:10c:1d4d:734:abf:1d16:1174
68.232.45.189
Aliases: cdn.speedof.me
cdn.wpc.75c3.gammacdn.net
Traceroute of resolved address :
tracert 68.232.45.189
Code:
Tracing route to 68.232.45.189 over a maximum of 30 hops
1 <1 ms <1 ms <1 ms 192.168.1.150
2 5 ms 5 ms 5 ms abts-tn-static.airtelbroadband.in
3 * * * Request timed out.
4 5 ms 5 ms 5 ms 61.95.240.129
5 6 ms 6 ms 6 ms 182.79.208.16
6 7 ms 26 ms 6 ms 182.79.164.113
7 6 ms 6 ms 5 ms 68.232.45.189
Trace complete.
Indeed, the resolved address from
1.1.1.1
is now located in Chennai, while using Airtel (VDSL).===========================
TL;DR:
ACT 1.1.1.1 result :
72.21.81.189
(New York) (this result is bad)Airtel 1.1.1.1 result :
68.232.45.189
(Chennai) (this result is good)Now, coming back on topic - does this mean ACT is intercepting
1.1.1.1
DNS queries and inserting malicious addresses that point to somewhere ridiculous like USA? Unlikely.Why? Because the result is the same even when you use DNS-crypt or DoH and making sure it is indeed Cloudflare responding and not something malicious.
Second of all, let's repeat one of this test in ACT but using
8.8.8.8
instead of 1.1.1.1
for same cdn.speedof.me
and see what happens.ISP : ACT
Resolver : 8.8.8.8
Resolved addresses :
nslookup cdn.speedof.me 8.8.8.8
Code:
Server: google-public-dns-a.google.com
Address: 8.8.8.8
Non-authoritative answer:
Name: s2.gs1.wpc.alphacdn.net
Addresses: 2606:2800:10c:1d4d:734:abf:1d16:1174
68.232.45.189
Aliases: cdn.speedof.me
cdn.wpc.75c3.gammacdn.net
Traceroute of resolved address :
tracert 68.232.45.189
Code:
Tracing route to 68.232.45.189 over a maximum of 30 hops
1 <1 ms <1 ms <1 ms 192.168.1.150
2 1 ms 1 ms 1 ms BglBRAS.acttv.in
3 5 ms 2 ms 1 ms broadband.actcorp.in [103.16.203.186]
4 2 ms 1 ms 2 ms broadband.actcorp.in [103.16.203.97]
5 1 ms 1 ms 1 ms 219.65.111.125.STATIC-Chennai.vsnl.net.in [219.65.111.125]
6 1 ms 1 ms 2 ms 172.31.167.57
7 9 ms 12 ms 2 ms 172.31.167.46
8 3 ms 3 ms 3 ms 115.112.8.94.STATIC-Chennai.vsnl.net.in [115.112.8.94]
9 2 ms 2 ms 2 ms 68.232.45.189
Trace complete.
Now, the resolved address is correct while using 8.8.8.8.
TL;DR AGAIN (SORRY!)
ACT isn't intercepting anything.
Likewise, if you use 1.1.1.1 - sometimes Google services (i.e Search, YouTube, etc) also take a wild ride to the USA based on latencies I've tested in the past but they usually come back and forth between 2ms to 200ms just like the test here.
Who's fault is it that I think? It's probably Cloudflare who's responding with incorrect location data at hand. Something is wrong somewhere and only they will know how.
Last edited: