What's new

DNS pointing to a Kazakstan server: anyone seen this?

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Mister2088

Regular Contributor
Hi Team, I am on the last 388.7 firmware version, first of all. I noticed by doing a dns leak test that dns points to some KG server (185.211.231.155) although my configuration uses DOT with Quad9 and cleanbrowsing.
Has anyone seen this? is dns somehow 'poisoned'? Any suggestions?
in the meantime, I'll reboot my router to see if it clears.
 
That IP address belongs to KG-IX, an internet exchange / transit provider. Quad9 lists KG-IX as their server location for Kyrgyzstan. So if that shows up on a DNS leak test, then your ISP is routing you to that Quad9 POP. When using Quad9, you’ll never see “Quad9” in a dns leak test. Instead, you’ll see the server belonging to whatever transit provider Quad9 has peered with. For example, I’m located in Canada (in the Toronto area) and I’m using Quad9…my leak test shows an IP address belonging to PCH (Packet Clearing House) and ISP shows WoodyNet, which is what Quad9 uses for their servers located at the Toronto Internet Exchange.

Where are you located and who’s your ISP?
 
Last edited:
That IP address belongs to KG-IX, an internet exchange / transit provider. Quad9 lists KG-IX as their server location for Kyrgyzstan. So if that shows up on a DNS leak test, then your ISP is routing you to that Quad9 POP. When using Quad9, you’ll never see “Quad9” in a dns leak test. Instead, you’ll see the server belonging to whatever transit provider Quad9 has peered with. For example, I’m located in Canada (in the Toronto area) and I’m using Quad9…my leak test shows an IP address belonging to PCH (Packet Clearing House) and ISP shows WoodyNet, which is what Quad9 uses for their servers located at the Toronto Internet Exchange.

Where are you located and who’s your ISP?
I am in Pickering with Rogers. I have never seen this before in any dns leak tests, thus I was worried. I usually see woodynet as you mentioned. Makes you wonder how the best sers are chosen.
How did you find that KG-IX belongs to quad9?
 

That’s very strange. I’m also with Rogers and always see WoodyNet. I’ve never seen Rogers routing to locations outside of Canada and US (sometimes they route to the New York Internet Exchange).

Can you post a screenshot of how you have your DNS settings configured in your router?
 
I am in Pickering with Rogers. I have never seen this before in any dns leak tests, thus I was worried. I usually see woodynet as you mentioned. Makes you wonder how the best sers are chosen.
How did you find that KG-IX belongs to quad9?
Nevermind, I found it on the quad9 website. Initially, I thought I was somehow hacked. But now I am not worried. I still wonder how Roger's peers the best quad9 server. I would think it would choose a GTA location or even somewhere like Chicago.
 
Nevermind, I found it on the quad9 website. Initially, I thought I was somehow hacked. But now I am not worried. I still wonder how Roger's peers the best quad9 server. I would think it would choose a GTA location or even somewhere like Chicago.
You should not be routed to Kyrgyzstan. Contact Quad9 support. They need to look into this.
 
That IP address belongs to KG-IX, an internet exchange / transit provider. Quad9 lists KG-IX as their server location for Kyrgyzstan. So if that shows up on a DNS leak test, then your ISP is routing you to that Quad9 POP. When using Quad9, you’ll never see “Quad9” in a dns leak test. Instead, you’ll see the server belonging to whatever transit provider Quad9 has peered with. For example, I’m located in Canada (in the Toronto area) and I’m using Quad9…my leak test shows an IP address belonging to PCH (Packet Clearing House) and ISP shows WoodyNet, which is what Quad9 uses for their servers located at the Toronto Internet Exchange.

Where are you located and who’s your ISP?

That’s very strange. I’m also with Rogers and always see WoodyNet. I’ve never seen Rogers routing to locations outside of Canada and US (sometimes they route to the New York Internet Exchange).

Can you post a screenshot of how you have your DNS settings configured in your router?
 

Attachments

  • dns_temp.jpg
    dns_temp.jpg
    68.4 KB · Views: 52
I can confirm there’s a problem with Quad9 and Rogers ISP. I’m now also seeing KG-IX in my dns leak tests. I’ve contacted Quad9 support. Will provide an update here when I hear back.
 
FYI.. just did another leak test and it is back to normal again re. choosing woodynet in NYC . I guess it was a temporary glitch.
 
I heard back from them. There was a routing leak in Asia that started yesterday. It’s now resolved. They had to shut down the KG POP and they’re still investigating how it happened.

I just ran a dns leak test too and I don’t see KG anymore either. I see the usual Toronto and New York servers. All good again but I’m still concerned that this happened…
 
I heard back from them. There was a routing leak in Asia that started yesterday. It’s now resolved. They had to shut down the KG POP and they’re still investigating how it happened.

I just ran a dns leak test too and I don’t see KG anymore either. I see the usual Toronto and New York servers. All good again but I’m still concerned that this happened…
What DNS leak test are you running?
 
I heard back from them. There was a routing leak in Asia that started yesterday. It’s now resolved. They had to shut down the KG POP and they’re still investigating how it happened.

I just ran a dns leak test too and I don’t see KG anymore either. I see the usual Toronto and New York servers. All good again but I’m still concerned that this happened…
Thank you! Thought i was the only one having issues with Quad9 routing DNS traffic to khazagstan. Have transferred to nextdns + controld (I'm in canada), and my latency now is even less at 30ms versus quad9 in chicago which is around 150ms.
 
I’ve switched to CIRA (Canadian Shield). Giving them a try. I like the fact that all my DNS queries stay in-country instead of being routed to the US (or worse…half way around the world 🙂). So far, so good. My pings are better than they were with Quad9. They’re almost as good as my pings are with my ISP’s (Rogers) DNS.

 
Last edited:
Research the history of CIRA management and who's behind. You may want to switch to something else.
 
Research the history of CIRA management and who's behind. You may want to switch to something else.
I looked at their leadership team, read their privacy policy, and read up a bit on who they are, etc. but nothing is jumping out at me. What should I be concerned about?
 
Last edited:

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top