Hello folks!

Earlier today I was looking at my smokeping to find anything out of the ordinary and run maintenance on my home devices. Surprisingly, I did find something off with Facebook. Can't understand if its an issue with Cloudflare DNS only or something on my IP address?

So, recently in the last 10 days chart, I am seeing a jump for icmp latency to facebook.com from usual 25-30 ms to over 250 currently.



I went digging and see this is happening on DNS where my Adguard is query Cloudflare's 1.1.1.1 which is responding with their CDN in France? This seems to be only happening with Cloudflare DNS for me.


$ dig facebook.com @1.1.1.1 +short
157.240.0.35


$ ping facebook.com
PING facebook.com (157.240.0.35) 56(84) bytes of data.
64 bytes from edge-star-mini-shv-02-fra3.facebook.com (157.240.0.35): icmp_seq=1 ttl=41 time=277 ms
64 bytes from edge-star-mini-shv-02-fra3.facebook.com (157.240.0.35): icmp_seq=2 ttl=41 time=277 ms
64 bytes from edge-star-mini-shv-02-fra3.facebook.com (157.240.0.35): icmp_seq=3 ttl=41 time=277 ms
64 bytes from edge-star-mini-shv-02-fra3.facebook.com (157.240.0.35): icmp_seq=4 ttl=41 time=277 ms

However, when I query with Google DNS, I get a response with an IP which I presume is local to here.

$ dig facebook.com @8.8.8.8 +short
31.13.78.35

$ ping 31.13.78.35
PING 31.13.78.35 (31.13.78.35) 56(84) bytes of data.
64 bytes from 31.13.78.35: icmp_seq=1 ttl=57 time=2.12 ms
64 bytes from 31.13.78.35: icmp_seq=2 ttl=57 time=1.60 ms

Now, from my bit of DNS and CDN understanding - the response is given by authoritative server by looking at the source IP of the requester? - which in this case would be a Cloudflare server IP that did the recursive lookup?

Similarly, I checked other IP addresses from meta - 

Using Cloudflare - I get a similar IP as that of facebook.com but ping response is massively different. This IP probably resides in AU somewhere

dig meta.com @1.1.1.1 +short
157.240.8.18

ping 157.240.8.18
PING 157.240.8.18 (157.240.8.18) 56(84) bytes of data.
64 bytes from 157.240.8.18: icmp_seq=1 ttl=57 time=33.8 ms
64 bytes from 157.240.8.18: icmp_seq=2 ttl=57 time=26.7 ms
64 bytes from 157.240.8.18: icmp_seq=3 ttl=57 time=27.1 ms

When doing this using Google DNS:

dig meta.com @8.8.8.8 +short
31.13.78.3

ping 31.13.78.3
PING 31.13.78.3 (31.13.78.3) 56(84) bytes of data.
64 bytes from 31.13.78.3: icmp_seq=1 ttl=57 time=1.86 ms
64 bytes from 31.13.78.3: icmp_seq=2 ttl=57 time=1.77 ms
64 bytes from 31.13.78.3: icmp_seq=3 ttl=57 time=3.31 ms

Other similar tests for instagram are same to that of meta.com as above.

Keen to understand what in the internet wizardry could be happening here?
Could it be routing of that particular IP by Facebook being advertised from France or is it Cloudflare just going bonkers somehow?