Normal traceroute for mail.google.com to China?



  • Do I have something messed up with unbound?

    win10:~ joe$ traceroute mail.google.com
    traceroute: Warning: mail.google.com has multiple addresses; using 74.125.203.83
    traceroute to mail-china.l.google.com (74.125.203.83), 64 hops max, 52 byte packets
    1 firewall (10.254.254.1) 5.600 ms 6.978 ms 6.227 ms
    2 22.34.207.1 (22.34.207.1) 12.827 ms 14.139 ms 12.455 ms
    3 96-34-42-196.static.unas.mi.charter.com (96.34.42.196) 12.892 ms 12.064 ms 13.005 ms
    4 crr01aldlmi-bue-230.aldl.mi.charter.com (96.34.35.24) 16.756 ms 19.596 ms 21.591 ms
    5 bbr01aldlmi-bue-1.aldl.mi.charter.com (96.34.2.8) 25.962 ms 21.507 ms 13.627 ms
    6 bbr01chcgil-bue-805.chcg.il.charter.com (96.34.0.139) 33.123 ms 25.634 ms 31.569 ms
    7 prr01chcgil-bue-2.chcg.il.charter.com (96.34.3.9) 24.906 ms 25.575 ms 25.726 ms
    8 prr01chcgil-gbe-0-7-0-3.chcg.il.charter.com (96.34.152.117) 32.434 ms 31.151 ms 34.082 ms
    9 108.170.243.197 (108.170.243.197) 29.061 ms * *
    10 216.239.47.128 (216.239.47.128) 29.545 ms
    108.170.233.110 (108.170.233.110) 34.229 ms
    72.14.232.168 (72.14.232.168) 24.593 ms
    11 108.170.243.233 (108.170.243.233) 26.131 ms
    72.14.232.70 (72.14.232.70) 44.499 ms
    209.85.143.103 (209.85.143.103) 42.330 ms
    12 209.85.250.146 (209.85.250.146) 33.273 ms
    209.85.251.139 (209.85.251.139) 49.183 ms
    209.85.254.94 (209.85.254.94) 34.961 ms
    13 108.170.228.147 (108.170.228.147) 88.452 ms
    72.14.239.127 (72.14.239.127) 94.546 ms
    209.85.247.5 (209.85.247.5) 35.727 ms
    14 216.239.47.250 (216.239.47.250) 47.152 ms
    108.170.236.125 (108.170.236.125) 177.227 ms
    216.239.47.250 (216.239.47.250) 50.881 ms
    15 216.239.54.53 (216.239.54.53) 89.672 ms
    209.85.245.48 (209.85.245.48) 204.713 ms
    72.14.234.25 (72.14.234.25) 297.979 ms
    16 209.85.248.153 (209.85.248.153) 399.879 ms
    209.85.249.207 (209.85.249.207) 208.874 ms
    209.85.247.19 (209.85.247.19) 409.622 ms
    17 209.85.249.53 (209.85.249.53) 237.340 ms
    216.239.46.3 (216.239.46.3) 211.124 ms
    72.14.233.210 (72.14.233.210) 245.371 ms
    18 * 209.85.247.199 (209.85.247.199) 318.458 ms *
    19 * * *
    20 * * *
    21 * * *
    22 * * *
    23 * * *
    24 * * *
    25 * * *
    26 * * 74.125.203.83 (74.125.203.83) 261.646 ms



  • That definitely doesn’t look like the right server, but nothing there shows how you got that answer. You could dial up the logging level and see if you get something interesting there.



  • Unbound is getting the responses straight from the DNS root hosts. If something is wrong with DNS, it's likely their fault on the other end and not your end.



  • Clearing the DNS cache on the client (Mac OS X 10.13) seemed to help, but the same issue happened on the pfSense box. I think Charter was doing some DNS manipulation, someone at Charter made a mistake, or the spooks have put my DNS traffic in the tunnel for them to tamper with. Moving to DNSSEC and pointing my firewall to use a DNSSEC provider seems to have cleared this issue up.



  • I had a similar/identical traceroute from a Mac OS X client and on the pfSense box itself using 127.0.0.1 (unbound).

    Seems like it would be interesting to have unbound log when DNSSEC could not be used because the root keys are invalid, either the time on pfSense is wrong or the ISP is doing layer 7 manipulation, i.e. like what happens when you live in China, Russia or the USA...
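Added example, not part of any post in this thread: a small Python triage of the traceroute output from the first post. It flags a target name that differs from the name that was requested (the header shows the name the resolver's answer led to) and the hops where the best-case round-trip time rises sharply. The function names and the 100 ms threshold are assumptions made for this illustration.

```python
import re

# Excerpt of the traceroute output posted in this thread (other hops omitted).
SAMPLE = """\
traceroute: Warning: mail.google.com has multiple addresses; using 74.125.203.83
traceroute to mail-china.l.google.com (74.125.203.83), 64 hops max, 52 byte packets
14 216.239.47.250 (216.239.47.250) 47.152 ms
15 216.239.54.53 (216.239.54.53) 89.672 ms
209.85.245.48 (209.85.245.48) 204.713 ms
72.14.234.25 (72.14.234.25) 297.979 ms
16 209.85.248.153 (209.85.248.153) 399.879 ms
209.85.249.207 (209.85.249.207) 208.874 ms
209.85.247.19 (209.85.247.19) 409.622 ms
18 * 209.85.247.199 (209.85.247.199) 318.458 ms *
19 * * *
26 * * 74.125.203.83 (74.125.203.83) 261.646 ms
"""

def parse(text):
    """Return (requested_name, target_name, {hop_number: [rtt_ms, ...]})."""
    requested = target = None
    hops, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if m := re.match(r"traceroute: Warning: (\S+) has multiple addresses", line):
            requested = m.group(1)
        elif m := re.match(r"traceroute to (\S+) \(", line):
            target = m.group(1)
        elif line:
            if m := re.match(r"(\d+)\s", line):  # new hop; otherwise a continuation line
                current = int(m.group(1))
            if current is not None:
                hops.setdefault(current, []).extend(map(float, re.findall(r"(\d+\.\d+) ms", line)))
    return requested, target, hops

def triage(text, jump_ms=100.0):
    """List name mismatches and hops whose best RTT jumps by more than jump_ms."""
    requested, target, hops = parse(text)
    findings = []
    if requested and target and requested != target:
        findings.append(("name-mismatch", requested, target))
    prev = None
    for hop, rtts in sorted(hops.items()):
        if not rtts:
            continue  # every probe to this hop timed out
        if prev is not None and min(rtts) - prev > jump_ms:
            findings.append(("rtt-jump", hop, round(min(rtts) - prev, 3)))
        prev = min(rtts)
    return findings
```

A name mismatch alone does not show where the answer was altered or whether it was altered at all; it only identifies which lookup to inspect in the resolver's logs.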