Overview
Sometimes, you may notice your DNS traffic is being routed to a data center (DC) that is not the closest location to you. You may also notice higher latency when being routed to one location versus another.
Umbrella utilizes anycast routing. Every data center announces the same IP addresses. BGP then takes care of the rest, routing requests transparently to the fastest available location.
When you configure your network to send DNS queries to 208.67.222.222 and 208.67.220.220, your DNS traffic could be routed to any of the locations listed here, depending on geographical distance, peering, congestion, and other measures.
Technical Details
Due to limited peering arrangements with some ISPs (mostly in China), the RTT (Round Trip Time) to the closest Cisco Umbrella data center depends on geographic location and connection type. For example, we find that most customers within China are routed to our Tokyo, Hong Kong, or Singapore locations.
We only provide DNS answers to your queries. The routing to the destination is handled by the paths between the ISP and the target host; we cannot control the route your traffic takes to reach our data centers. However, with careful peering arrangements (and some luck), we can influence the route taken.
Checking which DC your DNS traffic is routed to
This information can be found by simply running a DNS query for a TXT record from debug.opendns.com. For example:
nslookup -timeout=10 -type=txt debug.opendns.com.
Among the output, you'll want to look for a line similar to this:
debug.opendns.com text = "server m25.pao"
The value after "server" is the resolver that responded to the query, including its location. In this case, it's Palo Alto, USA. You can find a list of our server locations and their status here, which includes their abbreviated names.
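As an added example (not part of the original article and not Cisco's own tooling), the shell functions below send the same query to each anycast address directly and pull the resolver name and site code out of the "server" string. The function names, the optional expected-site argument, and the sample output are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not Umbrella's own tooling.

# parse_dc: read nslookup output on stdin; print "<resolver-id> <site>" taken
# from the TXT string "server <resolver-id>". Returns 1 when no such string
# is present in the answer.
parse_dc() {
    # Match only the quoted, lower-case TXT string so nslookup's own
    # "Server:" header line is never mistaken for the answer. This also
    # covers Windows nslookup, which prints the string on its own line.
    id=$(sed -n 's/.*"server \([A-Za-z0-9.-]*\)".*/\1/p' | head -n 1)
    [ -n "$id" ] || return 1
    printf '%s %s\n' "$id" "${id##*.}"
}

# check_dc [expected-site]: query each anycast address directly and report
# the site that answered; flag a site other than the expected one.
check_dc() {
    expected=$1
    for ip in 208.67.222.222 208.67.220.220; do
        if out=$(nslookup -timeout=10 -type=txt debug.opendns.com. "$ip" \
                 2>/dev/null | parse_dc); then
            site=${out#* }
            note=
            if [ -n "$expected" ] && [ "$site" != "$expected" ]; then
                note=" (expected $expected)"
            fi
            echo "$ip -> $out$note"
        else
            echo "$ip -> no \"server\" TXT string in the answer"
        fi
    done
}

# Constructed sample output (Unix nslookup layout) for offline use.
SAMPLE='Server:         208.67.222.222
Address:        208.67.222.222#53

Non-authoritative answer:
debug.opendns.com       text = "server m25.pao"'

# Run live only when asked, e.g.:  sh dc_check.sh live pao
if [ "$1" = "live" ]; then check_dc "$2"; fi
```

Recording the site code while latency is normal gives you a baseline to pass as the expected site when you repeat the check later, for example with a VPN connected and then disconnected.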
Troubleshooting Latency
If your DNS traffic is being routed to a DC that is very far from your actual location and this is causing higher latency, it's possible you're using a remote-access VPN. Try your queries again while disconnected from the VPN to confirm this is the case.
You may also find that your ISP has an actual egress point (the geographical location where traffic leaves their network to reach the 'wider Internet') that is also nowhere near you. Some ISPs do this sort of thing in order to cut costs. You could live in the same town as one of our DCs, but because your ISP is hitting the Internet from another city, the RTT to another of our DCs could be faster, and therefore that location would be used.
If you're experiencing location/latency problems and have ruled out VPNs, please contact our Support team at umbrella-support@cisco.com.