Unknown IPs showing up for Uplay and Steam

[teknoman117]

Describe the issue you are having

I've noticed that on Windows, most of my Steam download traffic is coming from servers that aren't my cache. I've forced my network setup to only use the DNS server running on my cache, but it seems to find some other servers.

The IP addresses I noticed a few times were:

• 162.254.195.24
• 162.254.195.39
• 162.254.195.40
• 162.254.195.41

However, reverse DNS lookup appears to show nothing for these, so I'm not quite sure where they are coming from. I'll see if lancache-dns holds dns logs.

I also noticed the same for Uplay. It was mostly coming from my cache, but occasionally, streams from some akamai servers showed up. The one I noticed was:

• 23.215.100.147 (a23-215-100-147.deploy.static.akamaitechnologies.com)

Describe your setup?

lancachenet/lancache-dns

Are you running sniproxy

yes

DNS Configuration

docker run --restart unless-stopped --name lancache-dns --detach -p 53:53/udp -e USE_GENERIC_CACHE=true -e LANCACHE_IP=$HOST_IP lancachenet/lancache-dns:latest

Sniproxy output

Please paste the output from docker logs <sniproxy container name/id> | sed 's/.*\:443 \[//;s/\].*//' | sort | uniq -c below

<!-- If you are running sniproxy paste the output to the following command
docker logs <sniproxy container name/id> | sed 's/.*\:443 \[//;s/\].*//' | sort | uniq -c
-->
      1 cm2-lax1.cm.steampowered.com
      1 cp501-prod.do.dsp.mp.microsoft.com
      2 fe2cr.update.microsoft.com
      1 geo-prod.do.dsp.mp.microsoft.com
      1 kv501-prod.do.dsp.mp.microsoft.com
     16 nydus.battle.net
      5 slscr.update.microsoft.com
      3 sls.update.microsoft.com
      4 static3.cdn.ubi.com
      4 static8.cdn.ubi.com

[MathewBurnett]

Most likely video or steamed content playing in the client. Can you confirm that you are seeing that traffic on port 80?

[teknoman117]

@MathewBurnett yes, I was only looking at the ones on port 80. 10.0.0.13 is my cache, 10.0.0.10 is the machine I've got steam on.

[teknoman117]

The symptom is: Steam downloading at 30 MB/s, the router saying 30 MB/s being delivered to my desktop, yet only showing the cache receiving and sending 15 MB/s traffic.

[MathewBurnett]

Well that certainly has the smell of content

[MathewBurnett]

inetnum: 162.254.192.0 - 162.254.199.255 org: VC-2 netname: VALVE-V4-6 status: ASSIGNMENT source: ARIN-GRS remarks: **** remarks: THIS OBJECT IS MODIFIED remarks: Please note that all data that is generally regarded as personal remarks: data has been removed from this object. remarks: To view the original object, please query the ARIN Database at: remarks: * http://www.arin.net/ remarks: ****

RIPE record

[MathewBurnett]

Out of interest who is your ISP?

[teknoman117]

@MathewBurnett

Cox in Southern California. Pretty much your only option for >40 Mb around where I live.

[teknoman117]

after some manual poking about, 162.254.195.39 is cache11-lax1.steamcontent.com

[MathewBurnett]

interestingly "cache11-lax1.steamcontent.com" resolves to the cache here (i'm at the uk's largest LAN). As *.steamcontent.com is in the list. https://github.com/uklans/cache-domains/blob/5ab391af689ea575fee150587947da4bb26fbfbf/steam.txt#L23 Is your dns container up to date? Also worth running round the usual ipconfig /flushdns routine in case you have a cached dns

[teknoman117]

Yes, although I think I may have figured out what was going on. So, I disabled IPv6 and now all the domains appear to be resolving correctly (cache11-lax1 is in my DNS server log, etc.). I definitely haven't setup up DNS caching for IPv6, and I know my Linux box isn't using DNS over IPv6, even though it definitely is using IPv6 for other things.

[teknoman117]

I'm going to close this because of that. I'll open an issue with lancachenet about DNS on IPv6. Thanks for your time!

[MathewBurnett]

you might find that disabling ipv6 has down/up'd your connection and flushed your dns

[teknoman117]

I left it downloading for ~8 minutes with IPv6 off, didn't see any IPs on 80 other than my cache server. I went and turned it back on, ran /flushdns and within 30 or so seconds they started popping back up under Steam.exe.

[teknoman117]

oh, well, found this: https://github.com/lancachenet/lancache-dns/issues/24

Looks like it's a wontfix for IPv6 =/

[astrolox]

I'm curious. Please clarify for me;

You're saying that with IPv6 turned on, with your PC using the lancache-dns image as it's DNS server, you are finding that downloads from steam are sometimes going to completely different IPv4 addresses?

Am I right in thinking that this is a result of some of your DNS traffic being sent to IPv6 DNS servers (i.e. not the lancache-dns server)

[teknoman117]

@astrolox

You're saying that with IPv6 turned on, with your PC using the lancache-dns image as it's DNS server, you are finding that downloads from steam are sometimes going to completely different IPv4 addresses?

Correct. My theory is that maybe it's reaching out to IPv6 DNS servers as well as the IPv4 ones (on windows). For IPv4 DNS, I'm definitely only using my cache server (verified with ipconfig /all). Upon some searching, it looks as if windows will use whatever DNS server responds more quickly, which could easily be the router's DNS for IPv6 if the cache server has any load. (my network setup is Cable Modem <-> EdgeRouter X <-> Microtik 10G switch <-> (port 0,1 (802.3ad): Cache Server, port 2: Desktop). The EdgeRouter X is running the DHCP server & IPv6 DNS. IPv4 DNS is served by the Cache Server (only DNS server provided by DHCPv4).

On Steam under Linux, it didn't hit anything other than my cache, even with IPv6 on, although I know for a fact that Linux will always use the first nameserver it can which can resolve the request, even if the secondaries may be quicker (the order in /etc/resolv.conf).

[astrolox]

@teknoman117

Following up on that. I'd argue that the issue here is not that IPv6 is turned on, but that your IPv6 DNS settings are not pointing at lancache-dns. Could you expose lancache-dns over IPv6 and use that as your IPv6 DNS server?