Mildly interesting, it seems that one of the name servers for the .de DNS zone has all of their Cogent customers going via CNNIC (China Internet Network Information Center) all the way to China A traceroute from Cogent in Frankfurt: Probably a mistake rather than anything malicious, but that's still some extra long haul miles for some DNS queries
traceroute to 194.246.96.1 (194.246.96.1), 30 hops max, 60 byte packets
1 * *
2 be5200.ccr41.fra05.atlas.cogentco.com (154.54.76.169) 0.603 ms
3 be7946.ccr42.par01.atlas.cogentco.com (154.54.72.117) 9.937 ms
4 be2780.ccr32.mrs02.atlas.cogentco.com (154.54.72.226) 20.813 ms
5 be2899.ccr21.hkg02.atlas.cogentco.com (154.54.0.42) 181.371 ms
6 154.18.9.165 (154.18.9.165) 185.283 ms
7 159.226.254.229 (159.226.254.229) 220.828 ms
8 * *
9 218.241.107.69 (218.241.107.69) 221.520 ms !X *
wolf480pl@mstdn.io
replied 06 May 2026 15:05 +0000
in reply to: https://benjojo.co.uk/u/benjojo/h/B1gTJtTvhJ814pr5xK
@benjojo In my (admittedly very small) experience, ~200ms RTT is enough to get to Japan, but crossing the border into China adds another 100ms... although I guess traffic to the .de DNS would stay in CNNIC's equivalent of a the duty-free zone?
is that traceroute truncated?
benjojo
replied 06 May 2026 15:11 +0000
in reply to: https://mstdn.io/users/wolf480pl/statuses/116528247216295318
@wolf480pl It really depends on what physical path the data takes, if you go over the TTK cable over Russia you can get to china quite quickly from the EU
wolf480pl@mstdn.io
replied 06 May 2026 15:15 +0000
in reply to: https://benjojo.co.uk/u/benjojo/h/txYw1217CQf9rLM1fl
benjojo
replied 06 May 2026 15:19 +0000
in reply to: https://mstdn.io/users/wolf480pl/statuses/116528284505424665
@wolf480pl the GFW is a bit more complicated than "latency jump", the shitty performance people see getting in/out of China is almost always just regular transit congestion It's up for argument if the congestion is a policy decision or not, but that is a different story/argument entirely
alarig@hostux.social
replied 06 May 2026 15:10 +0000
in reply to: https://mstdn.io/users/wolf480pl/statuses/116528247216295318
benjojo
replied 06 May 2026 14:58 +0000
in reply to: https://benjojo.co.uk/u/benjojo/h/B1gTJtTvhJ814pr5xK
I suppose I should check if that is a new thing as of yesterday or not... Since if it was, then that implies that someone has picked a incredible time to do a intercept/MITM of a large DNS zone where a lot of people were disabling DNSSEC validation for in response to a incident
gregr@mamot.fr
replied 06 May 2026 15:51 +0000
in reply to: https://benjojo.co.uk/u/benjojo/h/npdD1CqZj7w42j2M63
@benjojo can I ask what you mean by Public resolver operators like Quad9, Cloudflare, Google ?
> a lot of people
Private operators in enterprises that have relations with Germany ?
benjojo
replied 06 May 2026 16:03 +0000
in reply to: https://mamot.fr/users/gregr/statuses/116528428656981930
Yes, and Hetzner, etc, as it was either that or lots of customer tickets and misery.
Public resolver operators like Quad9, Cloudflare, Google ?
gregr@mamot.fr
replied 06 May 2026 16:20 +0000
in reply to: https://benjojo.co.uk/u/benjojo/h/18PNDn133RQ2579l4r
benjojo
replied 06 May 2026 15:21 +0000
in reply to: https://benjojo.co.uk/u/benjojo/h/npdD1CqZj7w42j2M63
Seems like this is not a new thing, so it is not likely a direct response to the DNSSEC shenanigans yesterday :) unless the Chinese have developed a very specific time travel device for DNSSEC mistake news
nblr@chaos.social
replied 06 May 2026 16:00 +0000
in reply to: https://benjojo.co.uk/u/benjojo/h/B1gTJtTvhJ814pr5xK