search

TechnitiumSoftware / DnsServer

Technitium DNS Server
https://technitium.com/dns/
GNU General Public License v3.0
3.84k stars 400 forks source link

There is a problem with ecs cache #783

Closed liang-hiwin closed 2 weeks ago

liang-hiwin commented 7 months ago

In the ceche cache, we see that the IP address of the cache subnet client is 0.0.0.0/0, so all ecs are messed up. I don’t know why the subnet IP 0.0.0.0/0 is cached in the cache. When 0.0.0.0/0 is cached, it means that the parsing answer is suitable for all client IPs. This is wrong.

ShreyasZare commented 7 months ago

Thanks for the post. If you see cached entry with 0.0.0.0/0 as the ECS subnet then its there because the upstream server responded that way. Technitium DNS will just cache the records with the ECS subnet as per response it received from the upstream. So there is nothing that can be done to fix this.

If you think this is a bug then let me know a specific domain name to test to replicate the issue. If the issue is able to replicate then it can be fixed.

liang-hiwin commented 7 months ago

Thanks for the post. If you see cached entry with 0.0.0.0/0 as the ECS subnet then its there because the upstream server responded that way. Technitium DNS will just cache the records with the ECS subnet as per response it received from the upstream. So there is nothing that can be done to fix this.

If you think this is a bug then let me know a specific domain name to test to replicate the issue. If the issue is able to replicate then it can be fixed.


[
  {
    "name": "loon-gallery.vercel.app",
    "type": "A",
    "ttl": "0 (0 sec)",
    "rData": {
      "ipAddress": "76.76.21.22"
    },
    "dnssecStatus": "Disabled",
    "eDnsClientSubnet": "0.0.0.0/0",
    "lastUsedOn": "2023-11-21T12:01:07.1691485Z"
  },
  {
    "name": "loon-gallery.vercel.app",
    "type": "A",
    "ttl": "0 (0 sec)",
    "rData": {
      "ipAddress": "76.76.21.93"
    },
    "dnssecStatus": "Disabled",
    "eDnsClientSubnet": "0.0.0.0/0",
    "lastUsedOn": "2023-11-21T12:01:07.1691485Z"
  }
]
liang-hiwin commented 7 months ago 

[
  {
    "name": "40489a.com",
    "type": "A",
    "ttl": "0 (0 sec)",
    "rData": {
      "ipAddress": "18.163.213.203"
    },
    "dnssecStatus": "Disabled",
    "eDnsClientSubnet": "171.105.40.0/24",
    "lastUsedOn": "2023-11-22T10:13:21.1017967Z"
  },
  {
    "name": "40489a.com",
    "type": "A",
    "ttl": "0 (0 sec)",
    "rData": {
      "ipAddress": "18.163.224.54"
    },
    "dnssecStatus": "Disabled",
    "eDnsClientSubnet": "171.105.40.0/24",
    "lastUsedOn": "2023-11-22T10:13:21.1017967Z"
  },
  {
    "name": "40489a.com",
    "type": "A",
    "ttl": "0 (0 sec)",
    "rData": {
      "ipAddress": "18.162.226.181"
    },
    "dnssecStatus": "Disabled",
    "eDnsClientSubnet": "171.105.40.0/24",
    "lastUsedOn": "2023-11-22T10:13:21.1017967Z"
  },
  {
    "name": "40489a.com",
    "type": "A",
    "ttl": "0 (0 sec)",
    "rData": {
      "ipAddress": "18.163.213.203"
    },
    "dnssecStatus": "Disabled",
    "eDnsClientSubnet": "0.0.0.0/0",
    "lastUsedOn": "2023-11-22T13:45:30.1866621Z"
  },
  {
    "name": "40489a.com",
    "type": "A",
    "ttl": "0 (0 sec)",
    "rData": {
      "ipAddress": "18.163.224.54"
    },
    "dnssecStatus": "Disabled",
    "eDnsClientSubnet": "0.0.0.0/0",
    "lastUsedOn": "2023-11-22T13:45:30.1866621Z"
  },
  {
    "name": "40489a.com",
    "type": "A",
    "ttl": "0 (0 sec)",
    "rData": {
      "ipAddress": "18.162.226.181"
    },
    "dnssecStatus": "Disabled",
    "eDnsClientSubnet": "0.0.0.0/0",
    "lastUsedOn": "2023-11-22T13:45:30.1866621Z"
  },
  {
    "name": "40489a.com",
    "type": "AAAA",
    "ttl": "0 (0 sec)",
    "rData": {
      "dataType": "DnsSpecialCacheRecordData",
      "data": "NegativeCache: NoError; 40489a.com.           3600      IN  SOA           clint.ns.cloudflare.com. dns.cloudflare.com. 2324846564 10000 2400 604800 1800"
    },
    "dnssecStatus": "Unknown",
    "eDnsClientSubnet": "0.0.0.0/0",
    "lastUsedOn": "2023-11-22T13:45:30.1577088Z"
  }
]
ShreyasZare commented 7 months ago

Thanks for the details. This is normal and not an issue. The DNS server will respond with correct records as per the ECS option in the received request.

So, in your above cache example, if the request comes from 171.105.40.0/24 subnet then those records marked with that subnet will be used else those marked with 0.0.0.0/0 will be used in the response.

liang-hiwin commented 7 months ago

Thanks for the details. This is normal and not an issue. The DNS server will respond with correct records as per the ECS option in the received request.

So, in your above cache example, if the request comes from 171.105.40.0/24 subnet then those records marked with that subnet will be used else those marked with 0.0.0.0/0 will be used in the response.

Maybe my cache time setting is too long, causing clients in different subnets to respond to the 0.0.0.0/0 IP cached by ECS when requesting resolution.

ShreyasZare commented 7 months ago

Maybe my cache time setting is too long, causing clients in different subnets to respond to the 0.0.0.0/0 IP cached by ECS when requesting resolution.

Its not an issue with your settings. The domain's name servers are returning 0.0.0.0/0 subnet which means that they want the records to be used by all client subnets. Its something that the domain owners are choosing and nothing can be done about it on the client side.

liang-hiwin commented 7 months ago

Maybe my cache time setting is too long, causing clients in different subnets to respond to the 0.0.0.0/0 IP cached by ECS when requesting resolution.

Its not an issue with your settings. The domain's name servers are returning 0.0.0.0/0 subnet which means that they want the records to be used by all client subnets. Its something that the domain owners are choosing and nothing can be done about it on the client side.

My upstream is unbound dns (forwarding google dns). Is it an unbound problem?

ShreyasZare commented 7 months ago

My upstream is unbound dns (forwarding google dns). Is it an unbound problem?

I am not sure about that since I have not tested it with unbound. If unbound is forwarding the ECS from the incoming request then it should work. Also, since the request finally ends with Google DNS, they can manipulate ECS as per their policy. For example, Cloudflare DNS does not support ECS deliberately for privacy reasons.

liang-hiwin commented 7 months ago

My upstream is unbound dns (forwarding google dns). Is it an unbound problem?

I am not sure about that since I have not tested it with unbound. If unbound is forwarding the ECS from the incoming request then it should work. Also, since the request finally ends with Google DNS, they can manipulate ECS as per their policy. For example, Cloudflare DNS does not support ECS deliberately for privacy reasons.

Can I manually edit the cdn cname value used by a domain name?

liang-hiwin commented 7 months ago

For example, this domain name app-site-association.cdn-apple.com uses many CDNs, but some CDN service providers do not have my local nodes, but other CDN service providers have my local nodes. So I want to directly edit the cname specifying this domain name to the cdn service provider that has my node.

ShreyasZare commented 7 months ago

There is no option to manually edit cache entries. But, you can create Conditional Forwarder zone with "This Server" as the forwarder and add your custom CNAME entry as required which will work as you expect.

liang-hiwin commented 7 months ago

There is no option to manually edit cache entries. But, you can create Conditional Forwarder zone with "This Server" as the forwarder and add your custom CNAME entry as required which will work as you expect.

image

Is it like this?

liang-hiwin commented 7 months ago

There is no option to manually edit cache entries. But, you can create Conditional Forwarder zone with "This Server" as the forwarder and add your custom CNAME entry as required which will work as you expect.

It seems to have been successful, but can I use the Geo Distance library to meet the conditions before using the cname I defined?

ShreyasZare commented 7 months ago

You got the conditional forwarder zone configured right.

but can I use the Geo Distance library to meet the conditions before using the cname I defined?

Yes, you can create an APP record and use Geo Distance app with it. But, the client making requesting the must have a public IP address so that the app can figure out its current geo coordinates to calculate the distance between the multiple servers and the client.

liang-hiwin commented 7 months ago

You got the conditional forwarder zone configured right.

but can I use the Geo Distance library to meet the conditions before using the cname I defined?

Yes, you can create an APP record and use Geo Distance app with it. But, the client making requesting the must have a public IP address so that the app can figure out its current geo coordinates to calculate the distance between the multiple servers and the client.

There seems to be no tutorial on Geo Continent, Geo Country, and Geo Distance. Can you provide one?

ShreyasZare commented 7 months ago

There seems to be no tutorial on Geo Continent, Geo Country, and Geo Distance. Can you provide one?

All these apps need MaxMind IP to location database to work and a Lite version of db is included in the app as example which works but may not be accurate.

To understand them, you need to take a look at the JSON app record data. Since you need CNAME, you need to select the Class Path for the app which ends with CNAME.

The continent and country apps will just find the continent or country of the client IP address and return the CNAME as per the app record JSON config array.

The Distance app is a bit different and requires you to provide an approximate latitude and longitude for each of the server you specify in the app record JSON. It will find out the lat and long for the client request IP address and match with all the entries you have in the APP record JSON and return the server closest to the client location.

Just click on the "More Details" link in the Apps list to see the sample JSON record data templates to understand the APP record config.

liang-hiwin commented 7 months ago

There seems to be no tutorial on Geo Continent, Geo Country, and Geo Distance. Can you provide one?

All these apps need MaxMind IP to location database to work and a Lite version of db is included in the app as example which works but may not be accurate.

To understand them, you need to take a look at the JSON app record data. Since you need CNAME, you need to select the Class Path for the app which ends with CNAME.

The continent and country apps will just find the continent or country of the client IP address and return the CNAME as per the app record JSON config array.

The Distance app is a bit different and requires you to provide an approximate latitude and longitude for each of the server you specify in the app record JSON. It will find out the lat and long for the client request IP address and match with all the entries you have in the APP record JSON and return the server closest to the client location.

Just click on the "More Details" link in the Apps list to see the sample JSON record data templates to understand the APP record config.

{
   "IN": [
     "1.1.1.1",
     "2.2.2.2"
   ],
   "default": [
     "3.3.3.3"
   ]
} ,

What does IN refer to, and default.

ShreyasZare commented 7 months ago

What does IN refer to, and default.

Its ISO country code IN for India. Default refers to a case when the MaxMind db fails to find out the country for the client IP address.

liang-hiwin commented 7 months ago

What does IN refer to, and default.

Its ISO country code IN for India. Default refers to a case when the MaxMind db fails to find out the country for the client IP address.

Thank you for your guidance. Can I make a feature request in this post?

ShreyasZare commented 7 months ago

Thank you for your guidance. Can I make a feature request in this post?

You're welcome. If its related then post here otherwise a new issue for it will be good for tracking.

liang-hiwin commented 7 months ago

Thank you for your guidance. Can I make a feature request in this post?

You're welcome. If its related then post here otherwise a new issue for it will be good for tracking.

I want to add location based on different carriers. Currently there are Geo Continent, Geo Country, and Geo Distance, I just want to make the geo partitioning of the app more detailed

ShreyasZare commented 7 months ago

I want to add location based on different carriers.

Do you mean to do that using ASN? or some other parameter?

liang-hiwin commented 7 months ago

yes, for example, this website has some ASN IP segments of our operator, we can use it to carry out more detailed regional partitioning https://www.pdflibr.com/countries/cn/1

liang-hiwin commented 7 months ago

We can first mark the country and then the region, and then mark the network ASN IP segment used in this region. If the above requirements are met, use this cname, etc.

ShreyasZare commented 7 months ago

We can first mark the country and then the region, and then mark the network ASN IP segment used in this region. If the above requirements are met, use this cname, etc.

An app for ASN can be planned. If you wish to combine multiple parameters then chaining these apps with the APP record CNAME can be done as per requirements.

liang-hiwin commented 7 months ago

We can first mark the country and then the region, and then mark the network ASN IP segment used in this region. If the above requirements are met, use this cname, etc.

An app for ASN can be planned. If you wish to combine multiple parameters then chaining these apps with the APP record CNAME can be done as per requirements.

Through the Geo Distance geographical distance setting, I found that the cname I set did not work. For example, you can see from the screenshot that huanan-guangzhou, the cname I set is iosapps.itunes.apple.com.m.alikunlun.net. But when I use dig to append the IP of the huanan-guangzhou region for resolution, cname does not use the value I set.

{{ _$5@GOW~3Z@~{RZQBR)H

image

ShreyasZare commented 7 months ago

Through the Geo Distance geographical distance setting, I found that the cname I set did not work.

Have you downloaded new copy of MaxMind database? Also a full copy of the db is needed for these apps too work correctly.

liang-hiwin commented 7 months ago

Through the Geo Distance geographical distance setting, I found that the cname I set did not work.

Have you downloaded new copy of MaxMind database? Also a full copy of the db is needed for these apps too work correctly.

I updated GeoLite2-City.mmdb, downloaded from this open source project https://github.com/P3TERX/GeoLite.mmdb, They provide GeoLite2-ASN.mmdb, GeoLite2-City.mmdb, GeoLite2-Country.mmdb, among which GeoLite2-ASN.mmdb can support subsequent support for ASN.

image

ShreyasZare commented 7 months ago

I updated GeoLite2-City.mmdb, downloaded from this open source project https://github.com/P3TERX/GeoLite.mmdb,

I just tried the same database with same APP record json and the app is selecting guangzhou location correctly. The old db file included in the app selects the shanxi location.

If you have just replaced the mmdb file on disk directly then you need to restart the DNS server. The correct method to update the mmdb files is to zip then and then use the app's Update button on the GUI to update the db which loads without need for server restart.

liang-hiwin commented 7 months ago

I updated GeoLite2-City.mmdb, downloaded from this open source project https://github.com/P3TERX/GeoLite.mmdb,

I just tried the same database with same APP record json and the app is selecting guangzhou location correctly. The old db file included in the app selects the shanxi location.

If you have just replaced the mmdb file on disk directly then you need to restart the DNS server. The correct method to update the mmdb files is to zip then and then use the app's Update button on the GUI to update the db which loads without need for server restart.

Yes, I have unzipped it, replaced the GeoLite2-City.mmdb file, and restarted the dns program

ShreyasZare commented 7 months ago

Yes, I have unzipped it, replaced the GeoLite2-City.mmdb file, and restarted the dns program

Try testing it again. Since, here its working as expected for the same database file that you are using.

liang-hiwin commented 7 months ago

Yes, I have unzipped it, replaced the GeoLite2-City.mmdb file, and restarted the dns program

Try testing it again. Since, here its working as expected for the same database file that you are using.

Ok, the problem is solved. Due to the lack of ASN support, different IP requests through the ASN operator cannot be allocated normally.

liang-hiwin commented 7 months ago

We can first mark the country and then the region, and then mark the network ASN IP segment used in this region. If the above requirements are met, use this cname, etc.

An app for ASN can be planned. If you wish to combine multiple parameters then chaining these apps with the APP record CNAME can be done as per requirements.

Hello brother. Can you support this plan in the future?

ShreyasZare commented 7 months ago

Hello brother. Can you support this plan in the future?

Sure, will get a new app with ASN support added.

liang-hiwin commented 7 months ago

Hello brother. Can you support this plan in the future?

Sure, will get a new app with ASN support added.

thanks

liang-hiwin commented 3 months ago

There is a problem with ecs. I have to ask here. 5300 is the port of DnsServe @ShreyasZare 

With the same upstream, I run
##############################################################
q www.akamai.com a -s "https://xxxxxx.cloudflare-gateway.com/dns-query" --subnet=106.75.245.0/24|nali
e2915.dscca.s.tl88.net. 20s A 106.4.158.41 [China Jiangxi Jingdezhen]

###############################################################
dig a +subnet=106.75.245.0/24 @127.0.0.1 -p 5300 www.akamai.com

e2915.dscx.akamaiedge.net. 42726 IN     A       2.17.61.103
ShreyasZare commented 3 months ago

There is a problem with ecs. I have to ask here. 5300 is the port of DnsServe @ShreyasZare

Cloudflare does not support ECS so it wont work.

liang-hiwin commented 3 months ago

There is a problem with ecs. I have to ask here. 5300 is the port of DnsServe @ShreyasZare

Cloudflare does not support ECS so it wont work.

cf's gateway dns supports ecs

ShreyasZare commented 3 months ago

There is a problem with ecs. I have to ask here. 5300 is the port of DnsServe @ShreyasZare

Cloudflare does not support ECS so it wont work.

cf's gateway dns supports ecs

No. It does not support ECS. I have just tested it.

liang-hiwin commented 3 months ago

image I request by appending the specified ecs, and the parsing is normal

liang-hiwin commented 3 months ago

image

liang-hiwin commented 3 months ago

Obviously, the results of DnsServer ecs on port 5300 and direct request to doh are different.

ShreyasZare commented 3 months ago

Obviously, the results of DnsServer ecs on port 5300 and direct request to doh are different.

I tested it again. When the DNS server is using Cloudflare Gateway upstream then its not working. I can see that there is no ECS data in the response. However, if I set Google DNS as the upstream then its working as expected and I can see the exact same IP address in response as from your screenshot. It does not seems to be any bug in code.

The next update will add ECS option in the DNS Client tool so it will become easy to test it out.

liang-hiwin commented 3 months ago

Obviously, the results of DnsServer ecs on port 5300 and direct request to doh are different.

I tested it again. When the DNS server is using Cloudflare Gateway upstream then its not working. I can see that there is no ECS data in the response. However, if I set Google DNS as the upstream then its working as expected and I can see the exact same IP address in response as from your screenshot. It does not seems to be any bug in code.

The next update will add ECS option in the DNS Client tool so it will become easy to test it out.

So I don't know why this is happening

ShreyasZare commented 3 months ago

So I don't know why this is happening

Can you double check your settings? Check if the ECS option is enabled in the DNS server's Setting. Also check if the requests you make to port 5300 is actually being received by the DNS server by checking the query logs (or using the Query Logs app).

Also, are you using Advanced Forwarding app? In that case, ECS wont work since the app does not support it.

liang-hiwin commented 3 months ago

So I don't know why this is happening

Can you double check your settings? Check if the ECS option is enabled in the DNS server's Setting. Also check if the requests you make to port 5300 is actually being received by the DNS server by checking the query logs (or using the Query Logs app).

Also, are you using Advanced Forwarding app? In that case, ECS wont work since the app does not support it.

I have configured and checked ecs. I have not installed this app for advanced forwarding, and I have seen the domain name of the corresponding request in the log.

liang-hiwin commented 3 months ago

image image

[2024-03-09 19:41:42 Local] [127.0.0.1:56011] [UDP] QNAME: www.akamai.com; QTYPE: A; QCLASS: IN; RCODE: NoError; ANSWER: [www.akamai.com.edgekey.net., www.akamai.com.edgekey.net.globalredir.akadns.net., e2915.dscx.akamaiedge.net., 2.17.61.103]; ECS: 106.75.245.0/0

2024-03-09 20:20:16 Local] [127.0.0.1:45659] [UDP] QNAME: www.taobao.com.danuoyi.tbcache.com; QTYPE: HTTPS; QCLASS: IN; RCODE: NoError; ANSWER: []; ECS: 122.246.71.0/0
[2024-03-09 20:20:16 Local] [127.0.0.1:45659] [UDP] QNAME: www.taobao.com.danuoyi.tbcache.com; QTYPE: HTTPS; QCLASS: IN; RCODE: NoError; ANSWER: []; ECS: 122.246.71.0/0
[2024-03-09 20:20:16 Local] [127.0.0.1:58139] [UDP] QNAME: www.taobao.com.danuoyi.tbcache.com; QTYPE: HTTPS; QCLASS: IN; RCODE: NoError; ANSWER: []; ECS: 122.246.71.0/0
[2024-03-09 20:20:16 Local] [127.0.0.1:58139] [UDP] QNAME: www.taobao.com.danuoyi.tbcache.com; QTYPE: HTTPS; QCLASS: IN; RCODE: NoError; ANSWER: []; ECS: 122.246.71.0/0
[2024-03-09 20:20:16 Local] [127.0.0.1:58139] [UDP] QNAME: www.taobao.com; QTYPE: HTTPS; QCLASS: IN; RCODE: NoError; ANSWER: [www.taobao.com.danuoyi.tbcache.com.]; ECS: 122.246.71.0/0
[2024-03-09 20:20:16 Local] [127.0.0.1:58139] [UDP] QNAME: www.taobao.com; QTYPE: HTTPS; QCLASS: IN; RCODE: NoError; ANSWER: [www.taobao.com.danuoyi.tbcache.com.]; ECS: 122.246.71.0/0
[2024-03-09 20:20:16 Local] [127.0.0.1:45659] [UDP] QNAME: www.taobao.com; QTYPE: HTTPS; QCLASS: IN; RCODE: NoError; ANSWER: [www.taobao.com.danuoyi.tbcache.com.]; ECS: 122.246.71.0/0
[2024-03-09 20:20:16 Local] [127.0.0.1:45659] [UDP] QNAME: www.taobao.com; QTYPE: HTTPS; QCLASS: IN; RCODE: NoError; ANSWER: [www.taobao.com.danuoyi.tbcache.com.]; ECS: 122.246.71.0/0

[2024-03-09 22:35:45 Local] [127.0.0.1:49430] [UDP] QNAME: www.taobao.com; QTYPE: A; QCLASS: IN; RCODE: NoError; ANSWER: [www.taobao.com.danuoyi.tbcache.com., 111.31.37.215, 111.31.37.214]; ECS: 106.75.245.0/0
[2024-03-09 22:35:48 Local] [127.0.0.1:35624] [UDP] QNAME: www.taobao.com; QTYPE: A; QCLASS: IN; RCODE: NoError; ANSWER: [www.taobao.com.danuoyi.tbcache.com., 111.31.37.215, 111.31.37.214]; ECS: 106.75.245.0/0
[2024-03-09 22:35:49 Local] [127.0.0.1:60974] [UDP] QNAME: www.taobao.com; QTYPE: A; QCLASS: IN; RCODE: NoError; ANSWER: [www.taobao.com.danuoyi.tbcache.com., 111.31.37.215, 111.31.37.214]; ECS: 106.75.245.0/0

[2024-03-09 22:36:52 Local] [127.0.0.1:53908] [UDP] QNAME: www.taobao.com; QTYPE: A; QCLASS: IN; RCODE: NoError; ANSWER: [www.taobao.com.danuoyi.tbcache.com., 111.31.37.215, 111.31.37.214]; ECS: 211.139.5.0/0
[2024-03-09 22:36:54 Local] [127.0.0.1:52768] [UDP] QNAME: www.taobao.com; QTYPE: A; QCLASS: IN; RCODE: NoError; ANSWER: [www.taobao.com.danuoyi.tbcache.com., 111.31.37.214, 111.31.37.215]; ECS: 211.139.5.0/0
ShreyasZare commented 3 months ago

Thanks for the details. Check the DNS server's cache for www.taobao.com.danuoyi.tbcache.com records and see what eDnsClientSubnet is listed there. Post the cache records here.

liang-hiwin commented 3 months ago

Thanks for the details. Check the DNS server's cache for www.taobao.com.danuoyi.tbcache.com records and see what eDnsClientSubnet is listed there. Post the cache records here.

[
  {
    "name": "www.taobao.com.danuoyi.tbcache.com",
    "type": "A",
    "ttl": "36644 (10 hours 10 mins 44 sec)",
    "rData": {
      "ipAddress": "111.31.37.214"
    },
    "dnssecStatus": "Disabled",
    "eDnsClientSubnet": "0.0.0.0/0",
    "lastUsedOn": "2024-03-09T12:51:02.2779165Z"
  },
  {
    "name": "www.taobao.com.danuoyi.tbcache.com",
    "type": "A",
    "ttl": "36644 (10 hours 10 mins 44 sec)",
    "rData": {
      "ipAddress": "111.31.37.215"
    },
    "dnssecStatus": "Disabled",
    "eDnsClientSubnet": "0.0.0.0/0",
    "lastUsedOn": "2024-03-09T12:51:02.2779165Z"
  },
  {
    "name": "www.taobao.com.danuoyi.tbcache.com",
    "type": "HTTPS",
    "ttl": "34798 (9 hours 39 mins 58 sec)",
    "rData": {
      "dataType": "DnsSpecialCacheRecordData",
      "data": "NegativeCache: NoError; danuoyi.tbcache.com.  43200     IN  SOA           danuoyins7.tbcache.com. root.taobao.com. 2012031100 3600 3600 604800 300"
    },
    "dnssecStatus": "Unknown",
    "eDnsClientSubnet": "0.0.0.0/0",
    "lastUsedOn": "2024-03-09T12:20:16.2481697Z"
  }
]
liang-hiwin commented 3 months ago

The problem is eDnsClientSubnet": "0.0.0.0/0