03 Mar

Mapping Facebook’s FNA (CDN) nodes across the world!

Just back from APRICOT 2018. As I mentioned in my previous blog post, APNIC had its first Hackathon and it was fun (blog post of APNIC here). There was one project on the ranking of CDNs using RIPE Atlas data. To achieve this team was trying to find strings/hostnames which they can trace to and figure out nearby CDN.

As part of that, I suggested them to look into www.facebook.com and carefully noting the sources from where elements get loaded. It’s quite common that Facebook.com (or Google.com for the logic) would be hosted on some server at a large PoP while FNA (or GGC) would serve only specific static content out of it. FNA, of course, sits on the IPs of the ISP hosting it.

So in the source list, we found scontent.fktm1-1.fna.fbcdn.net and that gives an idea that FNA strings are around logic: scontent.fxxx1-1.fna.fbcdn.net where xxx is the airport code. 1-1 means 1st PoP in 1st ISP over there probably (strong guess!). If there are more FNA nodes in a given area, the number goes further up. The team used it and for now, the project is over. But while I was on the way back to India, I thought that this is very interesting data if we pull the full picture by querying all possible IATA airport codes with a logic.

 

This logic can be used for two things:

  1. Finding locations of all FNA nodes and plot them on the map
  2. Find which networks/ASNs in the world host it

 

In my check with a script querying it all, I found there are 1689 of FNA’s nodes deployed across the world. Here’s a map of the presence of FNA:

Some of the interesting regional stats from the data

India

Bharti Airtel AS9498 is hosting Facebook caching FNA nodes at Bangalore, Mumbai, Calcutta, Delhi, Hyderabad, Chandigarh, Jaipur, Chennai and Patna i.e 9 cities while in case of Jio they are hosted in 19 cities – Agra, Ahmedabad, Bhubaneswar, Bhopal, Bangalore, Mumbai, Calcutta, Cochin, Delhi, Delhi, Guwahati, Hyderabad, Jammu, Jaipur, Madras, Nagpur, Patna, Simla, Srinagar. IDEA Cellular has them at 6 locations Bangalore
Mumbai, Delhi, Hyderabad, Indore and Pune.

FNA nodes in Indian metro cities

ASN AS Name IPv4 IPv6 Airport Code Airport Desc
9498 BBIL-AP BHARTI Airtel Ltd., IN 157.240.191.17 2a03:2887:ff05:0:face:b00c:0:a7 BOM Bombay
45769 DVOIS-IN D-Vois Broadband Pvt Ltd, IN 1.186.190.17 2400:1f00:0:d:face:b00c:0:a7 BOM Bombay
55836 RELIANCEJIO-IN Reliance Jio Infocomm Limited, IN 49.44.63.17 2405:200:1602:2885:face:b00c:0:a7 BOM Bombay
55644 IDEANET1-IN Idea Cellular Limited, IN 223.196.3.81 2400:c700:0:5:face:b00c:0:a7 BOM Bombay
58678 INTECHONLINE-IN Intech Online Private Limited, IN 124.108.16.209 2404:bd00:1:4:face:b00c:0:a7 BOM Bombay
55352 MCPL-IN Microscan Computers Private Limited, IN 103.226.191.209 2406:9e00:3:1:face:b00c:0:a7 BOM Bombay
18196 SEVENSTAR-AS Seven Star Internet Service Provider, IN 202.134.164.209 2402:f200:301:0:face:b00c:0:a7 BOM Bombay
45194 SIPL-AS Syscon Infoway Pvt. Ltd., IN 110.5.75.17 2401:a100:2:4:face:b00c:0:a7 BOM Bombay
45117 INPL-IN-AP Ishan_s Network, IN 103.214.129.17 BOM Bombay
133720 SOFTCALLCOC-AS SOFT CALL CUST-O-CARE PRIVATE LIMITED, IN 139.5.47.209 BOM Bombay
133232 SAMPARKESTATES-AS-IN SAMPARK ESTATES PVT. LTD., IN 103.69.221.17 2001:df7:6e00:3:face:b00c:0:a7 BOM Bombay
17665 IN2CABLE-AP AS Number of In2cable.com (India) Ltd., IN 203.192.223.145 BOM Bombay
55832 HOMESYSTEM-AS-AP HOME SYSTEMS PVT.LTD, IN 120.88.176.145 BOM Bombay
55862 WNET-IN Wan & Lan Internet Pvt Ltd, IN 49.128.164.17 BOM Bombay
24554 FIVE-NET-AS-IN Fivenetwork Solution India Pvt Ltd Internet, IN 202.177.230.145 BOM Bombay
17488 HATHWAY-NET-AP Hathway IP Over Cable Internet, IN 202.88.184.17 BOM Bombay
38266 HUTCHVAS-AS Vodafone Essar Ltd., Telecommunication – Value Added Services, IN 1.38.8.17 2402:3a80:c002:13:face:b00c:0:a7 BOM Bombay
17747 ZIML-AP SITI NETWORKS LIMITED, IN 103.225.178.209 2406:3c80:1:3:face:b00c:0:a7 CCU Calcutta
55836 RELIANCEJIO-IN Reliance Jio Infocomm Limited, IN 49.44.63.209 2405:200:1606:2885:face:b00c:0:a7 CCU Calcutta
23860 ALLIANCE-GATEWAY-AS-AP Alliance Broadband Services Pvt. Ltd., IN 203.171.243.145 CCU Calcutta
9498 BBIL-AP BHARTI Airtel Ltd., IN 157.240.185.17 2a03:2887:ff06:0:face:b00c:0:a7 CCU Calcutta
45804 MEGHBELA-IN MEGHBELA BROADBAND, IN 103.56.238.17 CCU Calcutta
45334 AIRCEL-AS-AP Dishnet Wireless Limited, IN 202.148.205.17 2402:4c00:ffff:ffed:face:b00c:0:a7 CCU Calcutta
38266 HUTCHVAS-AS Vodafone Essar Ltd., Telecommunication – Value Added Services, IN 1.38.7.209 2402:3a80:c009:13:face:b00c:0:a7 CCU Calcutta
NA NA 223.196.149.145 2400:c700:a000:0:face:b00c:0:a7 CCU Calcutta
9498 BBIL-AP BHARTI Airtel Ltd., IN 157.240.189.17 2a03:2887:ff03:0:face:b00c:0:a7 DEL Delhi
55644 IDEANET1-IN Idea Cellular Limited, IN 223.196.64.17 2400:c700:4000:0:face:b00c:0:a7 DEL Delhi
55836 RELIANCEJIO-IN Reliance Jio Infocomm Limited, IN 49.44.63.145 2405:200:160b:2885:face:b00c:0:a7 DEL Delhi
17747 ZIML-AP SITI NETWORKS LIMITED, IN 103.217.246.17 2402:ea80:0:1:face:b00c:0:a7 DEL Delhi
132116 ANINETWORK-IN Ani Network Pvt Ltd, IN 45.248.174.81 DEL Delhi
132453 TRIPLE-PLAY-IN TRIPLE PLAY BROADBAND PRIVATE LIMITED, IN 150.242.84.145 DEL Delhi
58965 ABSPL-AS-IN ANJANI BROADBAND SOLUTIONS PVT.LTD., IN 103.233.117.81 DEL Delhi
133982 EXCITEL-AS-IN Excitel Broadband Private Limited, IN 103.56.230.209 DEL Delhi
45184 DEN-ISP-AS-IN-AP Den Digital Entertainment Pvt. Ltd. AS ISP india, IN 112.196.177.17 DEL Delhi
133982 EXCITEL-AS-IN Excitel Broadband Private Limited, IN 103.48.198.209 DEL Delhi
55836 RELIANCEJIO-IN Reliance Jio Infocomm Limited, IN 49.44.62.145 2405:200:1605:2885:face:b00c:0:a7 DEL Delhi
17488 HATHWAY-NET-AP Hathway IP Over Cable Internet, IN 202.88.147.145 DEL Delhi
38266 HUTCHVAS-AS Vodafone Essar Ltd., Telecommunication – Value Added Services, IN 1.38.7.81 2402:3a80:c005:13:face:b00c:0:a7 DEL Delhi
NA NA 233.196.145.145 2400:c700:a001:0:face:b00c:0:a7 DEL Delhi
133275 GIGANTIC-AS Gigantic Infotel Pvt Ltd, IN 103.59.199.145 DEL Delhi
38266 HUTCHVAS-AS Vodafone Essar Ltd., Telecommunication – Value Added Services, IN 1.38.5.17 2402:3a80:c006:13:face:b00c:0:a7 DEL Delhi
9498 BBIL-AP BHARTI Airtel Ltd., IN 157.240.190.17 2a03:2887:ff04:0:face:b00c:0:a7 MAA Madras
55836 RELIANCEJIO-IN Reliance Jio Infocomm Limited, IN 49.44.63.81 2405:200:1607:2885:face:b00c:0:a7 MAA Madras
24309 CABLELITE-AS-AP Atria Convergence Technologies Pvt. Ltd. Broadband Internet Service Provider INDIA, IN 49.207.35.17 2406:7400:b7:0:face:b00c:0:a7 MAA Madras
45334 AIRCEL-AS-AP Dishnet Wireless Limited, IN 202.148.204.145 2402:4c00:ffff:ffec:face:b00c:0:a7 MAA Madras
38266 HUTCHVAS-AS Vodafone Essar Ltd., Telecommunication – Value Added Services, IN 1.38.8.145 2402:3a80:c00b:13:face:b00c:0:a7 MAA Madras
17488 HATHWAY-NET-AP Hathway IP Over Cable Internet, IN 202.88.160.81 MAA Madras

 

South Asian neighbours of India

Kathmandu

ASN AS Name IPv4 IPv6 Airport Code Airport Desc
23752 NPTELECOM-NP-AS Nepal Telecommunications Corporation, Internet Services, NP 120.89.99.17 KTM Kathmandu
38565 NCELL-AS-NP Ncell Pvt. Ltd., NP 116.68.215.17 KTM Kathmandu
17501 WLINK-NEPAL-AS-AP WorldLink Communications Pvt Ltd, NP 139.5.68.17 2400:1a00:4:139:face:b00c:0:a7 KTM Kathmandu
45845 NEPAL-IIG-AS NEPAL INTERNATIONAL INTERNET GATEWAY, NP 202.51.79.17 2405:6600:709:0:face:b00c:0:a7 KTM Kathmandu
4613 MOS-NP Mercantile Office Systems, NP 27.111.22.17 KTM Kathmandu
55915 CLASSIC-NP Classic Tech Pvt. Ltd., NP 202.94.66.145 KTM Kathmandu
45650 VIANET-NP Vianet Communications Pvt. Ltd., NP 110.44.120.81 2404:7c00:1:1:face:b00c:0:a7 KTM Kathmandu
17501 WLINK-NEPAL-AS-AP WorldLink Communications Pvt Ltd, NP 139.5.68.145 2400:1a00:4:13a:face:b00c:0:a7 KTM Kathmandu
4007 SUBISU-CABLENET-AS-AP Subisu Cablenet (Pvt) Ltd, Baluwatar, Kathmandu, Nepal, NP 182.93.66.17 2403:3800::face:b00c:0:a7 KTM Kathmandu

 

Dhaka

ASN AS Name IPv4 IPv6 Airport Code Airport Desc
24432 AXIATA-ROBI-AS-AP TM International Bangladesh Ltd.Internet service Provider,Gulshan-1,Dhaka-1212, BD 202.134.8.17 DAC Dhaka
24389 GRAMEENPHONE-AS-AP GrameenPhone Ltd., BD 123.108.241.17 DAC Dhaka
24389 GRAMEENPHONE-AS-AP GrameenPhone Ltd., BD 123.108.242.17 DAC Dhaka
45245 BANGLALINK-AS banglalink an Orascom Telecom Company, providing GSM Telecom service in Bangladesh, BD 203.223.95.209 DAC Dhaka
58715 EARTHTELECOMMUNICATION-AS EARTH TELECOMMUNICATION (Pvt) LTD., BD 45.113.132.17 DAC Dhaka
23688 LINK3-TECH-AS-BD-AP Link3 Technologies Ltd., BD 203.76.97.145 2400:ca00:1fb:fb01:face:b00c:0:a7 DAC Dhaka
58689 ICCNET-DHK-BD ICC Communication, BD 103.41.213.145 DAC Dhaka
134371 CIRCLENETWORK-BD CIRCLE NETWORK BANGLADESH, BD 202.136.90.209 2400:3dc0:200:1:face:b00c:0:a7 DAC Dhaka
63996 MNL-AS-AP Mazeda Networks Limited, BD 103.60.174.145 DAC Dhaka
58601 AAMRA-ATL-BD Aamra technologies limited, BD 43.245.195.81 DAC Dhaka
134204 BUSINESSNETWORK-AS-AP Business Network, BD 203.76.223.209 2400:4d40:1:101:face:b00c:0:a7 DAC Dhaka
45925 TELETALK-BD ASN For Teletalk Bangladesh Ltd., BD 103.230.105.145 DAC Dhaka
59362 KSNETWORK-AS-AP KS Network Limited, BD 110.76.130.81 DAC Dhaka
58682 LEVEL3-BD Level3 Carrier Ltd., BD 103.15.41.209 2404:c900:8:0:face:b00c:0:a7 DAC Dhaka
45766 TRIANGLESERVICES Triangle Services Limited., BD 103.40.227.81 DAC Dhaka
133854 X-PRESS-AS-AP X-press Technologies Limited., BD 103.43.149.81 DAC Dhaka
58889 ZOL-BD Zx Online Ltd, BD 103.19.254.145 DAC Dhaka
134382 ASN134382 Radisson Technologies, BD 103.88.235.17 DAC Dhaka
55492 DFN-BD Dhaka Fiber Net Limited, BD 45.127.244.209 DAC Dhaka
45905 STARGATE-AS-AP Stargate Communications Ltd., BD 45.118.245.145 DAC Dhaka

 

Colombo, Sri Lanka

ASN AS Name IPv4 IPv6 Airport Code Airport Desc
9329 SLTINT-AS-AP Sri Lanka Telecom Internet, LK 222.165.163.145 2402:d000:130:40:face:b00c:0:a7 CMB Colombo
9329 SLTINT-AS-AP Sri Lanka Telecom Internet, LK 222.165.163.209 2402:d000:130:48:face:b00c:0:a7 CMB Colombo
18001 DIALOG-AS Dialog Axiata PLC., LK 125.214.168.17 2404:f000:0:e:face:b00c:0:a7 CMB Colombo
18001 DIALOG-AS Dialog Axiata PLC., LK 125.214.168.145 2404:f000:0:f:face:b00c:0:a7 CMB Colombo
45224 BELLNET-AS-AP Lanka Bell Limited, LK 203.81.96.81 2406:c00:0:1:face:b00c:0:a7 CMB Colombo
132045 AIRTEL-AS-ISP Bharti Airtel Lanka Pvt. Limited, LK 223.224.4.17 2400:ff00:2:0:face:b00c:0:a7 CMB Colombo
17470 ETISALATLK-AS Etisalat Lanka (Pvt) Ltd., LK 43.252.12.145 CMB Colombo

 

Pakistan

ASN AS Name IPv4 IPv6 Airport Code Airport Desc
9541 CYBERNET-AP Cyber Internet Services (Pvt) Ltd., PK 103.213.110.17 KHI Karachi
132165 CONNECT-AS-AP Connect Communications, PK 111.119.161.209 KHI Karachi
24499 TPP-AS-PK Telenor Pakistan, PK 43.224.238.81 KHI Karachi
59257 CMPAKLIMITED-AS-AP CMPak Limited, PK 45.116.233.145 KHI Karachi
23966 LDN-AS-PK LINKdotNET Telecom Limited, PK 119.30.107.81 KHI Karachi
45595 PKTELECOM-AS-PK Pakistan Telecom Company Limited, PK 182.176.35.145 2404:7000:b100:0:face:b00c:0:a7 KHI Karachi
9387 AUGERE-PK AUGERE-Pakistan, PK 103.11.60.145 KHI Karachi
58895 EBONE1-PK Ebone Network (PVT.) Limited, PK 150.129.7.209 KHI Karachi
55714 APNIC-FIBERLINK-PK Fiberlink Pvt.Ltd, PK 103.17.203.145 KHI Karachi
38193 TWA-AS-AP Transworld Associates (Pvt.) Ltd., PK 110.93.194.81 2404:d400:4000:20:face:b00c:0:a7 KHI Karachi
45595 PKTELECOM-AS-PK Pakistan Telecom Company Limited, PK 182.176.35.209 2404:7000:b110:0:face:b00c:0:a7 KHI Karachi
45814 FARIYA-PK Fariya Networks Pvt. Ltd., PK 14.192.149.209 KHI Karachi
38547 WITRIBE-AS-AP WITRIBE PAKISTAN LIMITED, PK 115.167.77.81 KHI Karachi
24499 TPP-AS-PK Telenor Pakistan, PK 43.224.239.81 LHE Lahore
59257 CMPAKLIMITED-AS-AP CMPak Limited, PK 45.116.235.145 LHE Lahore
45595 PKTELECOM-AS-PK Pakistan Telecom Company Limited, PK 182.176.35.81 2404:7000:6100:0:face:b00c:0:a7 LHE Lahore
23966 LDN-AS-PK LINKdotNET Telecom Limited, PK 119.30.107.17 LHE Lahore
9541 CYBERNET-AP Cyber Internet Services (Pvt) Ltd., PK 124.29.210.81 LHE Lahore
38264 WATEEN-IMS-PK-AS-AP National WiMAX/IMS environment, PK 58.27.171.17 2402:fd00::face:b00c:0:a7 LHE Lahore
45595 PKTELECOM-AS-PK Pakistan Telecom Company Limited, PK 182.176.36.81 2404:7000:6000:0:face:b00c:0:a7 LHE Lahore
38547 WITRIBE-AS-AP WITRIBE PAKISTAN LIMITED, PK 115.167.75.81 LHE Lahore

 

 

Male, Maldives

ASN AS Name IPv4 IPv6 Airport Code Airport Desc
55944 OOREDOO-MV Ooredoo Maldives Plc, MV 202.153.85.209 MLE Male
7642 DHIRAAGU-MV-AP Dhivehi Raajjeyge Gulhun (Dhiraagu), MV 103.31.85.81 2406:e400:1:fb:face:b00c:0:a7 MLE Male

 

What is amazing to see that is there are even nodes of Facebook in areas like Kabul

Kabul, Afghanistan

ASN AS Name IPv4 IPv6 Airport Code Airport Desc
38742 AWCC-AS-AP AWCC, AF 61.5.206.209 2400:e500:0:16:face:b00c:0:a7 KBL Kabul
45178 ROSHAN-AF Main Street, House No. 13 Wazir Akbar Khan, AF 103.28.134.81 KBL Kabul
55330 GCN-DCN-AS AFGHANTELECOM GOVERNMENT COMMUNICATION NETWORK, AF 149.54.4.81 KBL Kabul
55330 GCN-DCN-AS AFGHANTELECOM GOVERNMENT COMMUNICATION NETWORK, AF 149.54.4.17 KBL Kabul

 

Link to complete data – https://docs.google.com/spreadsheets/d/e/2PACX-1vQ18Ggi9x6QV-kLk6SrYEEQyA2U8gSHKTROfatNbhDISjfNZDEz-h2J8Qb10OIIQnEDvSrKS5Aj5XsP/pubhtml?gid=1674278445&single=true

 

Limitations of data

  1. As I often say – what is there is there. There can be more which is not there in data.
  2. Mapping is based on airport codes and it’s a common practice to use airport codes in DNS records. Actual node location may be within a 100-200km radius of the airport code.
01 Mar

Encrypted DNS using DNSCrypt

Writing this post from my hotel room in Kathmandu. I found that many of the servers appear to be DNS resolvers which is unusual.

E.g:

 

This seems unusual and is the result of basically port 53 DNS hijack. Let’s try to verify it using popular “whoami.akamai.net” query.

So clearly something in middle is hijacking DNS queries and no matter whichever DNS resolver I try to use, the queries actually hit authoritative DNS via 202.79.32.164. This belongs to WorldLink Communications (ISP here in Nepal) and I am just 5 hops away from it.

 

So what can be done about these cases? Well, one way is VPN of course but with a setup where VPN server’s IP address is hardcoded in the client and not using DNS. It works and does the task but performance can vary greatly depending on how far is the tunnel server. A better and more modern way out of it is by using encryption in DNS by using a protocol named “DNSCrypt“. DNSCrypt offers to encrypt of DNS queries from clients to the DNS resolvers. (Beyond that resolver still, follow usual non-encrypted root chain to reach authoritative DNS servers).

 

So how does it work?

There’s no integrated support of DNSCrypt in OS’es at this time. There are number of projects like dnscrypt-osxclient available on GitHub which enable this support.  Once configured, the client changes system’s DNS resolver to a local IP which listens for port 53 (regular/non-encrypted) requests.

The client often offers support of various open resolvers like OpenDNS, Quad9 etc.

 

 

Here it shows that DNS resolver in my case happens to be Cisco’s OpenDNS. As soon as the client gets port 53 DNS queries, it encrypts it and sends via UDP port 443 (UDP or TCP depending on provider and client configuration). The encyption is based on trusted root CA’s and associated chain as popularly used in HTTPS. This is also one of reasons why DNSCrypt is also known as DNS over HTTPS.

 

Here’s an example of a DNS query to resolve A record of google.com while running tcpdumps in parallel:

This shows request went in clear text to 127.0.0.54 which is configured on loopback. While in parallel if I watch for traffic towards OpenDNS public IPs, I get:

Thus all that appears here is just an encrypted packet to Cisco OpenDNS over UDP port 443.

I ran another query and saved it in pcap file. Here’s how it looks like in wireshark:

 

 

 

That’s all about it for now. I am going to keep encryption enabled especially when travelling from now onwards. Time to get some sleep. 🙂

 

Useful Links:

  1. dnscrypt-osxclient – https://github.com/alterstep/dnscrypt-osxclient
  2. DNSCrypt Wikipedia – https://en.wikipedia.org/wiki/DNSCrypt
  3. DNS Over HTTPS (Google Public DNS) – https://developers.google.com/speed/public-dns/docs/dns-over-https
  4. DNS over TLS (Quad9) – https://quad9.net/faq/#Does_Quad9_support_DNS_over_TLS