wget does not work on my router since the router's DNS queries return IPV6 as "Address 1" and IPV4 as "Address 2". wget (in busybox on the router) is not compatible with IPV6. Take my word that I can't use the IP of my API endpoint, instead of worrying about DNS.
The result format of the DNS query seems to have changed in February 3rd. No, the relevant website did not suddenly activate IPV6 on this date: they have been compatible with IPV6 since long before 2015. My ISP also implemented IPV6 in the middle of last year, but the subnet I am on is IPV4 and my public IP is also IPV4, so I don't think the provider has implemented IPV6 upstream, "bridging" IPV4 in the last mile, to have enough compatibility. I think maybe IPV4 all the way? Anyway, it is the DNS format itself that seems to have changed.
This is true in my main provider 126.96.36.199, as well as in other nameservers that I tried 188.8.131.52 and others.
Is this evidence that my ISP is hijacking DNS queries? Evidence against this hypothesis is that I get unique results from each DNS server. If the ISP was redirecting DNS queries to its own servers, the results would be the same regardless of which NS it was consulting. However, the results appear to be somewhat unique for each server consulted (nslookup google.com 184.108.40.206 is returning very different results from nslookup google.com 220.127.116.11, which would not be the case if the ISP was hijacking all queries)
To investigate more, I ran tracking routes. Interestingly, although I am using a VPN, Tracking routes for Google IP or any other do not go through VPN, but instead go through ISP addresses.
traceroute to 18.104.22.168 (22.214.171.124), 30 hops max, 38 byte packets
1 * * *
2 126.96.36.199 (188.8.131.52) 1.905 ms 7.033 ms 1.485 ms
3 184.108.40.206 (220.127.116.11) 1.750 ms 1.794 ms 1.549 ms
4 18.104.22.168 (22.214.171.124) 1.138 ms 1.155 ms 1.121 ms
5 * * *
6 126.96.36.199 (188.8.131.52) 2.212 ms 184.108.40.206 (220.127.116.11) 0.891 ms 18.104.22.168 (22.214.171.124) 3.096 ms
7 126.96.36.199 (188.8.131.52) 1.578 ms 184.108.40.206 (220.127.116.11) 1.759 ms 18.104.22.168 (22.214.171.124) 1.444 ms
8 126.96.36.199 (188.8.131.52) 41.023 ms 184.108.40.206 (220.127.116.11) 34.277 ms 18.104.22.168 (22.214.171.124) 32.577 ms
9 126.96.36.199 (188.8.131.52) 98.392 ms 184.108.40.206 (220.127.116.11) 98.043 ms 98.341 ms
10 18.104.22.168 (22.214.171.124) 183.352 ms 126.96.36.199 (188.8.131.52) 183.724 ms 184.108.40.206 (220.127.116.11) 185.052 ms
11 18.104.22.168 (22.214.171.124) 203.159 ms 203.522 ms 204.210 ms
12 126.96.36.199 (188.8.131.52) 211.632 ms 210.838 ms 184.108.40.206 (220.127.116.11) 203.069 ms
13 18.104.22.168 (22.214.171.124) 205.483 ms 203.185 ms 204.296 ms
14 126.96.36.199 (188.8.131.52) 203.448 ms 200.927 ms 200.182 ms
15 184.108.40.206 (220.127.116.11) 204.467 ms 202.214 ms 200.355 ms
Another oddity is that My IP address is at 10,216.. subnet but the jump to 10.216.0.1 is not seen in the route plot.
While exclusively, EXCLUSIVELY for DNS servers that I have configured in the router configuration and confirmed in /etc/resolv.conf on the router, running traceroute makes them go through the VPN endpoints. (Yes, I know that VPN packets must also pass through the ISP gateways, but traceroute will only inform VPN endpoints when it sees that VPN works)
In addition, it is from this date: February 3, the same date my API stopped working, my VPN has been ultra stable. It used to fall every 2 hours and reconnect in seconds. Record the ups and downs of the VPN to check usage later. And since February 3, the VPN has not fallen EVEN ONCE. (And yes, the registration script is still working; I verified it by manually activating / deactivating VPN on the router).
I don't understand what these strange patterns have to do with each other.
to. DNS that returns the AAAA record as "Address 1" instead of further down the list. This is happening since February 3.
yes. VPN is ultrastable, also from February 3.
C. traceroute going through ISP sites even if VPN is enabled.
re. traceroute going through VPN ONLY for DNS IPs that have been entered in Settings.
And that is the question, What do these patterns mean?