[dns-operations] 8.8.8.8 does not support ECS for Https record?

Davey Song songlinjian at gmail.com
Fri Mar 5 03:33:39 UTC 2021


It is reported that people in China who use IOS14 and 8.8.8.8 received
unexpected responses. The typical example is that a name configured with
cname_1 for queries from China,  cname_2 for queries out of China.

IOS14 sends A/AAAA/HTTPs queries now. And if the HTTPs record is firstly be
queried to one 8.8.8.8 resolver (most likely out of China), the cname_2
with scope /0 is cached without ECS support. The following A/AAAA will be
impacted. So the queries from China will most likely receive cname_2.

Before 8.8.8.8 fix the problem, it is suggested that the IOS14 applications
that use cname should consider using one cname instead of two or more
cnames for different links. it is also suggested that IOS14 users change to
resolvers inside of China, resolver of ISP or public resolver like AliDNS
(223.5.5.5)

Best regards,
Davey
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20210305/4f25a514/attachment-0001.html>


More information about the dns-operations mailing list