[1f60c]

I wonder why www.google.com resolved to 31.13.94.37, which IPinfo tells me belongs to AS32934 Facebook, Inc.

https://ipinfo.io/31.13.94.37

[raphman]

Also, the 'apple.com' IP address in the screenshot (221.194.154.187) belongs to a Chinese company.

The developer seems to be located in China. You are seeing the Great Firewall in action:

> The GFW does not have a unique technique of censorship. One of its strengths is to combine several techniques. One of them is the generation, by the network itself (and not by a lying resolver), of bogus DNS responses. You ask for a censored name and as a result you get an answer giving an IP address that has nothing to do with the question asked. [...] But if you ask him about a censored name, then the network generates a false answer. Even if the input is the same, the response varies from a request to another: [...]. The IP address 157.240.17.14 belongs to Facebook (normally scratch.mit.edu is at Fastly), a prime example of the lies generated by the GFW.

https://ipregistry.co/blog/chinese-national-firewall

[rfoo]

> You are seeing the Great Firewall in action

Why? It's just that Apple has CDNs in China. Yes, as long as you do all the bureaucracy nonsense and comply to censorship you can do that.

e6858.e19.s.tl88.net resolves to 221.194.154.187. tl88.net is the domain for a CDN vendor mainly operating in China.

And it does serve www.apple.com content with actual www.apple.com TLS cert.

[raphman]

Thanks for the explanation about the CDN for apple.com. However, the parent's observation seems to be consistent with the Great Firewall, no?

[rfoo]

Oops, sorry, yes you are right. For some reason I didn't see GP's comment at all and ignored the fact that you were replying to it /facepalm

[markhan-nping]

thanks ~

[markhan-nping]

Hello, I'm the developer of Nping, I'm glad you're interested in Nping, forgive me for using translation software to write this content, usually a domain name itself will be resolved to more than one ip address, Nping uses the output of the system command Ping

[1f60c]

Oh gosh, I'm so sorry. My comment wasn't meant as criticism of you or Nping; I had just never seen a DNS server intentionally return obviously incorrect results before.

[markhan-nping]

This may be a misunderstanding, it's the first time I've encountered this problem and it's helped me to learn more, thanks

[zakki]

A Domain name resolved to many IP addresses is true. But Google's domain name resolved to Facebook's IP? That is very odd.

[markhan-nping]

When I switch to vpn I get the right results, maybe GFW is causing the problem

[aboardRat4]

That's normal for most websites blocked in China.

They usually resolve to either other blocked websites to trigger a "dangerous website phishing" warning from the browser, or the ISP's own website pretending to be a captive portal.

[markhan-nping]

How about using the system's own ping command? Nping essentially calls the system's Ping command