3

I, traditionally, always had an alias/function for easy access to my WAN IP from the CLI:

$ type -a whatismyip 
whatismyip is a function
whatismyip () 
{ 
    curl ipv4.icanhazip.com
}

This alias was created many years ago, possibly using a different domain, but always using HTTP.

Recently I discovered that more and more frequently referenced one-liner, which finds the same information through DNS.

But is it really the same?

While writing this, I am using 4G tethering, and the results differ between protocols.

Even more surprising, they differ also between DNS servers.

And funnily, ns1.google.com has different results from 8.8.8.8.

$ whatismyip 
92.251.255.11

$ dig +short myip.opendns.com @resolver1.opendns.com
178.167.254.133

$ dig TXT +short o-o.myaddr.l.google.com @8.8.8.8
"74.125.73.77"
"edns0-client-subnet 178.167.255.120/32"

$ dig TXT +short o-o.myaddr.l.google.com @ns1.google.com
"178.167.255.120"

$ ifconfig | grep 'inet addr:'
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet addr:192.168.42.125  Bcast:192.168.42.255  Mask:255.255.255.0
          inet addr:10.47.206.109  Bcast:10.63.255.255  Mask:255.192.0.0

Anyone having the spirit of explaining this in some detail? :)

~~EDIT: Just to clarify, I tried all of the above commands to some extent, and they provide consistent results.~~

~~EDIT2: I originally forgot to post the whatismyip results, but none of the DNS queries matched the HTTP one. I'm trying to reproduce it, unsuccessfully, yet. I have to go back to that Café :)~~

EDIT3: I went back there and got new data. Consistent as last time!

Stefanos Kalantzis

1 Answer

0

Two of the DNS queries you made:

$ dig +short myip.opendns.com @resolver1.opendns.com
$ dig TXT +short o-o.myaddr.l.google.com @ns1.google.com

were supposed to return the same address: your external IP. Maybe your external IP has changed between your requests and that's why you got different results. It's not in any way part of the DNS protocol but rather a trick, made possible by those DNS servers, of returning the IP that originated the query. Those and a few other DNS tricks are listed in this post.

On the other hand:

$ dig TXT +short o-o.myaddr.l.google.com @8.8.8.8

can't give you the client's IP because 8.8.8.8 is not the authoritative DNS server of o-o.myaddr.l.google.com (ns1.google.com is), so it doesn't get your IP directly, and the response you are seeing is a best-effort approximation that is allowed by the DNS protocol (description line by line):

  1. The IP address of the DNS resolver that contacted the authoritative server for the TXT record.
  2. If available, the subnet (edns-client-subnet) of the client (you in this case) on whose behalf the DNS resolver made the query.

For more details on edns-client-subnet you can read this article.

argaz
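The distinction drawn in the answer above, as an added example that is not part of the original posts: a small shell filter that labels each TXT string returned for o-o.myaddr.l.google.com and reports a client address only when the answer supports one. The function names `classify_myaddr` and `client_view` are made up for this example, and the sample strings are the ones quoted in the question.

```shell
# Sample answers: the TXT strings quoted in the question.
via_resolver='"74.125.73.77"
"edns0-client-subnet 178.167.255.120/32"'
direct='"178.167.255.120"'

# Label each TXT string read from stdin (dig +short output):
#   querier <ip>         whoever contacted the authoritative server
#   client-subnet <cidr> edns-client-subnet forwarded by a recursive resolver
classify_myaddr() {
    while IFS= read -r line; do
        line=${line#\"}; line=${line%\"}   # dig +short wraps TXT data in quotes
        case $line in
            '') ;;
            'edns0-client-subnet '*)
                printf 'client-subnet %s\n' "${line#edns0-client-subnet }" ;;
            *)  printf 'querier %s\n' "$line" ;;
        esac
    done
}

# Print what the answer says about the client's own address.
# $1 = direct    : the authoritative server was queried, so querier is the client
# $1 = recursive : a resolver such as 8.8.8.8 was queried, so querier is the
#                  resolver and only the client-subnet line describes the client
# Returns 1 when the answer says nothing about the client, 2 on a bad mode.
client_view() {
    case $1 in direct|recursive) ;; *) return 2 ;; esac
    classify_myaddr | {
        querier='' subnet=''
        while read -r label value; do
            case $label in
                querier)       querier=$value ;;
                client-subnet) subnet=$value ;;
            esac
        done
        if [ "$1" = direct ]; then want=$querier; else want=$subnet; fi
        [ -n "$want" ] && printf '%s\n' "$want"
    }
}

# Demo on the constructed inputs above.
printf '%s\n' "$via_resolver" | classify_myaddr
printf '%s\n' "$direct" | client_view direct
```

With live data, pipe `dig TXT +short o-o.myaddr.l.google.com @8.8.8.8` into `client_view recursive`, and the `@ns1.google.com` form into `client_view direct`.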