Interesting. Seeking to understand this: could it mean that it's not necessarily true that the PC's settings for DNS take precedence over the router's settings?
That was not exactly where I was going with my post, but the answer to your statement is… maybe.
It is indeed possible for a router to be configured to redirect traffic to a given device, especially when it is unauthenticated and in a local network. That would allow a home router to intercept that traffic and handle it according to its defined configuration.
That's a little bit how captive portals work on WiFi. They intercept DNS and HTTP traffic to redirect you to the captive portal instead of going out to the Internet (implementations do differ, but the logic stays the same).
What I had in mind is regular day-in day-out Internet routing, where a single IP address could be distributed across multiple servers (aka
anycast).
It is possible for a given service (your DNS recursor/resolver for the purposes of this discussion) to have a server hosted on your ISP's network and have it announce that
9.9.9.9
is at your ISP. When DNS tests will run, they will see another at-ISP address querying them because the answer needs to go back to the server servicing and not somewhere random. This will show up as your ISP in the report even if your computer did successfully query
9.9.9.9
and the expected host replied.
So, when I tested my home network which uses CIRA's Canadian Shield (with DNS-over-TLS) as one of the upstream services, it showed up with my ISP's name as a reverse DNS record (
Edit: as I was writing this post, I discovered that my ISP seems to host that server for public use).
To illustrate and test this, a simple trace route (using
tracert
) can be done. In my demonstration, I will use the Quad9 server at
9.9.9.9
and the open-source MTR tool with
-zw
command line arguments which gives me a report with AS numbers (network operators; I won't use them). I will hide the first 3 "public" hops to protect my IP addresses
.
When I run it from my home, it goes through this path:
Code:
~ % mtr 9.9.9.9 -zw
Start: 2024-08-10T23:02:26-0400
HOST: MyLaptop.local Loss% Snt Last Avg Best Wrst StDev
1. AS??? gw (172.16.10.1) 0.0% 10 2.9 2.9 2.2 5.0 0.8
2. AS5645 ISPRouter1.teksavvy.com (0.0.0.0) 0.0% 10 15.6 16.0 15.0 17.0 0.7
3. AS5645 ISPRouter2.teksavvy.com (0.0.0.0) 0.0% 10 16.9 17.5 14.9 23.3 2.9
4. AS5645 ISPRouter3.teksavvy.com (0.0.0.0) 0.0% 10 16.5 17.0 15.3 26.5 3.4
5. AS5645 ae1-0-bdr02-tor1.teksavvy.com (206.248.153.7) 0.0% 10 15.8 15.7 15.1 16.5 0.4
6. AS??? equinix01-ch1.pch.net (208.115.136.31) 0.0% 10 28.1 26.2 25.0 28.9 1.3
7. AS19281 dns9.quad9.net (9.9.9.9) 0.0% 10 29.4 26.3 24.2 34.7 3.3
Through a VPN on a server I operate from Montréal, it goes through:
Code:
~ % mtr 9.9.9.9 -zw
Start: 2024-08-10T23:05:10-0400
HOST: MyLaptop.local Loss% Snt Last Avg Best Wrst StDev
1. AS??? 10.0.200.1 0.0% 10 22.6 23.3 22.1 27.9 1.7
2. AS??? 0.0.0.0 0.0% 10 22.4 23.3 22.4 26.0 1.0
3. AS16276 0.0.0.0 0.0% 10 23.2 23.1 22.3 24.3 0.6
4. AS??? 0.0.0.0 0.0% 10 23.6 22.9 21.9 23.6 0.6
5. AS??? 10.196.135.125 0.0% 10 22.6 24.2 22.5 30.9 2.6
6. AS??? 10.196.134.162 0.0% 10 23.3 24.2 23.0 27.5 1.5
7. AS??? 10.196.134.140 0.0% 10 22.7 23.3 22.5 25.8 0.9
8. AS??? 10.74.9.238 0.0% 10 23.9 24.0 22.5 30.5 2.4
9. AS??? 10.95.81.10 0.0% 10 23.9 24.0 23.0 26.3 0.9
10. AS16276 ymq-mtl3-sbb2-8k.qc.ca (142.44.208.174) 50.0% 10 27.4 27.8 25.6 30.9 1.9
11. AS??? 10.200.3.5 20.0% 10 25.6 28.8 25.6 37.3 5.0
12. AS??? pch1.peer.qix.ca (198.179.18.20) 0.0% 10 23.7 24.1 23.5 24.8 0.4
13. AS19281 dns9.quad9.net (9.9.9.9) 0.0% 10 23.5 24.0 23.5 24.5 0.4
What we can observe from these 2 routes is that they don't end up at the same physical locations.
The penultimate hop is in different locations:
- Home ISP: Somewhere in Chicago (
equinix01-ch1
seems to be Equinix's CH1 datacentre)
- VPN: Somewhere in Montréal (QIX on hop 12)
Note: An IP operator can put any valid name in a reverse DNS record; they can't lower the calculated round-trip latency (they can increase it in theory, although I cannot think of a benefit in doing so).
We can observe that the average latency is about the same between the penultimate and the last hop. It means that they are not geographically distant, probably in the same or nearby building (let's say within 1km). It is safe to assume that those two
9.9.9.9
servers are not the same device.
Additionally, in the second route, all the hops have a reasonably close latency meaning they're all really close between them (within 100km). Communicating with Chicago from Montréal would roughly add 20ms worth of round-trip latency to those numbers.
Considering that it is meant to be a global service, it would make sense that that address when requested from Auckland shouldn't go to the same location as Montréal or Toronto; it would add unnecessary latency for every DNS query (over 210ms or 0.21s for a round-trip). That becomes perceptible for an end-user.
In conclusion, what I'm trying to say is that it might be normal and expected
That's how a lot of CDN services work, they simply have caching servers close to the end-users.
Network routing is definitely a fun rabbit hole someone can drop into