lancachenet / monolithic

A monolithic lancache service capable of caching all CDNs in a single instance
https://hub.docker.com/r/lancachenet/monolithic

ISP has their own DNS which provides Akamai Cache #79

Closed warmach1ne closed 4 years ago

warmach1ne commented 4 years ago

I have set up my own monolithic cache in the private network, which works fine with HTTP. However, our ISP has provided their own DNS, which provides an Akamai HTTPS cache for certain platforms: Origin and Rockstar. Therefore, when I use -e UPSTREAM_DNS to assign the ISP-provided DNS, I do not receive the HTTPS cache. Is there a way to set it up as such so that I can have HTTP and HTTPS cache?

How do I check which upstream DNS my Docker container for lancache-dns is using?

Thank you.

DNS Configuration

Private IP is 100.64.1.254/30; this is used for the cache server. ISP provided 45.125.22.15 for their DNS, which has the Akamai cache.

Output of container(s)

    816e7095ce87  lancachenet/sniproxy:latest      "/scripts/bootstrap.…"  2 days ago  Up 54 minutes  0.0.0.0:443->443/tcp        sniproxy
    4c28d92a767f  lancachenet/monolithic:latest    "/bin/bash -e /init/…"  2 days ago  Up 54 minutes  0.0.0.0:80->80/tcp, 443/tcp  lancache
    74b90f532f60  lancachenet/lancache-dns:latest  "/bin/bash -e /init/…"  2 days ago  Up 54 minutes  0.0.0.0:53->53/udp          lancache-dns

    ; <<>> DiG 9.11.3-1ubuntu1.11-Ubuntu <<>> whoami.akamai.net
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 15001
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 512
    ;; QUESTION SECTION:
    ;whoami.akamai.net. IN A

    ;; ANSWER SECTION:
    whoami.akamai.net. 27 IN A 172.217.34.195

    ;; Query time: 24 msec
    ;; SERVER: 8.8.8.8#53(8.8.8.8)
    ;; WHEN: Mon Dec 16 19:27:30 UTC 2019
    ;; MSG SIZE rcvd: 62

unspec commented 4 years ago

Hi,

I'm not totally sure I follow your issue.

> Is there a way to set it up as such so that I can have http and https cache?

Lancache cannot cache HTTPS traffic at all, regardless of what your ISP does or does not provide at their level.

If your ISP does have an Akamai cache to speed up delivery within their network, and that cache uses DNS poisoning, then what you describe (using your ISP's DNS server as the upstream for lancache-dns) should ensure that your clients get the IP for your ISP's cache and not go direct to Akamai's CDN, but I couldn't comment on exactly what they are doing. Obviously the clients will still be limited by the speed of your internet connection for Akamai traffic, regardless of whether they are pulling it from the ISP cache or from the Akamai CDN.

In terms of the issue, are you saying that the DNS results you get from lancache-dns configured with its upstream as your ISP's DNS server differ from the results you get directly from that ISP DNS server?

Could you provide the output of an nslookup/dig against both lancache-dns and your ISP's DNS server for the same hostname? The dig you included seems to be against Google (8.8.8.8), which won't return any special records that your ISP might have.

warmach1ne commented 4 years ago

Thank you for your reply.

Our ISP does not have any kind of cache depot or DNS-based cache. They are buying Akamai cache service from an IIG (Level 3 Carrier), another third party. It is providing our ISP with a 10G path at the moment. Anyway, their authoritative DNS IP is 45.125.222.187 and I'm using that as our upstream for lancache-dns. As you have seen from my dig/nslookup, it is forcefully using Google's DNS. I have spoken with them today and they said that, due to a DNS query attack, they are using Google's DNS for now.

They also said once their authoritative DNS is back online, it will resolve Akamai CDN and the bandwidth will come from IIG Akamai cache service.

Every user has a maximum of 100Mbps and I was expecting to receive that traffic. Since they do not have that cache service for HTTP content, that's where I installed monolithic. Monolithic is running great and that is what I'm working to provide to others for our ISP's users. At the same time, I was hoping to receive the Akamai CDN cache using their authoritative DNS as the upstream DNS assigned in lancache-dns, but it is not working.

> In terms of the issue, are you saying that the DNS results you get from lancache-dns configured with its upstream as your isp's dns server differs from the results you get directly from that isp dns server?

This is where it gets confusing. When I am trying to download Rockstar's Red Dead Redemption 2 using their authoritative DNS directly, I receive 100Mbps; it pulls from the Level 3 carrier-provided Akamai service. But when I use the monolithic cache and the upstream as the ISP's authoritative DNS, it is using normal internet bandwidth, which is 20Mbps.

This is the scenario when downloading RDR2:

a) 103.16.152.208 [pulls from this IP but limited to internet b/w] when using the lancache-dns IP and upstream as ISP authoritative DNS.

b) 103.15.41.9 [pulls cache from Level 3 Carrier Akamai CDN] when using direct ISP authoritative DNS.

Anyway I sent some screenshots from my PC using ISP DNS and monolithic DNS server nslookup which is also hosted inside their office.
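The side-by-side lookup unspec asks for, as an added example that is not part of the original thread or the lancache project's code: it queries lancache-dns and the ISP resolver for one hostname with dig, classifies the two answers, and prints the upstream configured on the container. The function names and the addresses in the usage comment are assumptions (placeholders); the container name lancache-dns and the UPSTREAM_DNS variable come from the thread.

```shell
#!/bin/sh
# Added example, not lancache project code.
# usage: ./compare-dns.sh HOSTNAME CACHE_IP ISP_DNS_IP   (script name is hypothetical)

# Keep only IPv4 addresses from `dig +short` output on stdin, sorted and
# unique (CNAME targets and blank lines are dropped).
a_records() {
    grep -E '^([0-9]{1,3}\.){3}[0-9]{1,3}$' | sort -u
}

# classify_answers CACHE_IP VIA_CACHE VIA_ISP
#   noanswer:    one of the resolvers returned no A record (timeout, NXDOMAIN)
#   intercepted: lancache-dns answered with the cache's own IP, so the name is
#                on its cached-CDN list and was not forwarded upstream
#   same:        forwarded, and both resolvers returned the same A records
#   differ:      forwarded, but the answers do not match
classify_answers() {
    via_cache=$(printf '%s\n' "$2" | a_records)
    via_isp=$(printf '%s\n' "$3" | a_records)
    if [ -z "$via_cache" ] || [ -z "$via_isp" ]; then echo noanswer
    elif [ "$via_cache" = "$1" ]; then echo intercepted
    elif [ "$via_cache" = "$via_isp" ]; then echo same
    else echo differ
    fi
}

# Ask one resolver ($1) for the A records of a hostname ($2).
resolve_via() {
    dig +short +time=3 +tries=1 "@$1" "$2" A
}

# Print the UPSTREAM_DNS value the container was started with.
show_upstream() {
    docker inspect --format '{{range .Config.Env}}{{println .}}{{end}}' \
        "${1:-lancache-dns}" | grep '^UPSTREAM_DNS='
}

main() {
    ans_cache=$(resolve_via "$2" "$1")   # lancache-dns listens on the cache IP
    ans_isp=$(resolve_via "$3" "$1")
    printf 'via lancache-dns (%s):\n%s\n' "$2" "$ans_cache"
    printf 'via ISP DNS (%s):\n%s\n' "$3" "$ans_isp"
    echo "result: $(classify_answers "$2" "$ans_cache" "$ans_isp")"
    show_upstream lancache-dns
}

if [ "$#" -eq 3 ]; then main "$@"; fi
```

A `differ` result on a CDN hostname is not conclusive on its own, since CDNs can return different addresses per query; repeat the lookup before drawing a conclusion.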