Apple Software Update on Microsoft Windows systems

When I checked what sites the program connects to when it is run using Microsoft's Process Explorer, I found it established an HTTP connection on port 80 to usqas2-vip-bx-002.aaplimg.com (17.253.21.202). That IP address is in the 17.0.0.0/8 block of IP addresses, 17.0.0.0 - 17.255.255.255, assigned to Apple Inc. by the American Registry for Internet Numbers (ARIN).

I also found it connecting to an IP address that resolved to a host name in the domain name for the Internet Service Provider (ISP) for the location where the system resides. Checking further with Wireshark a free and open-source (FOSS) packet analyzer, I observed DNS lookups for the following fully qualified domain names (FQDNs):

C:\>nslookup
Default Server:  ns1.acme.local
Address:  192.168.0.5

> set query=all
> swcdn.apple.com
Server:  ns1.acme.local
Address:  192.168.0.5

Non-authoritative answer:
swcdn.apple.com canonical name = swcdn.apple.com.akadns.net
> swcdn.apple.com.akadns.net
Server:  ns1.acme.local
Address:  192.168.0.5

Non-authoritative answer:
swcdn.apple.com.akadns.net      canonical name = swcdn.g.aaplimg.com

swcdn.g.aaplimg.com     internet address = 17.253.21.204
swcdn.g.aaplimg.com     internet address = 17.253.21.202
> swcdn.g.aaplimg.com
Server:  ns1.acme.local
Address:  192.168.0.5

swcdn.g.aaplimg.com     internet address = 17.253.21.202
swcdn.g.aaplimg.com     internet address = 17.253.21.204
>

I.e., two DNS A records are returned for the query: 17.253.21.202 and 17.253.21.204. I found the system on which I ran the Apple Software Update software was using the .202 address.

For the swcatalog.apple.com DNS lookup, the IP address the system on which I ran the software used was one in the IP address space for the ISP providing network connectivity for the system. For this particular system, that IP address was 72.45.50.168 at one time when I ran the software to check for updates, but 72.45.50.169 when I reran the Apple Software Update program after I rebooted the system. But when I checked on a system at another location using Verizon as the ISP, I found that swcatalog.apple.com resolved to two IP addresses quite different from the two I saw on the system where I ran the Apple Software Update program.

C:\>nslookup
*** Can't find server name for address 192.168.0.8: Non-existent domain
Default Server:  UnKnown
Address:  192.168.0.8

> set querytype=any
> swcatalog.apple.com
Non-authoritative answer:
Server:  UnKnown
Address:  192.168.0.8

swcatalog.apple.com     canonical name = swcatalog.apple.com.edgesuite.net
> swcatalog.apple.com.edgesuite.net
Non-authoritative answer:
Server:  UnKnown
Address:  192.168.0.8

swcatalog.apple.com.edgesuite.net       canonical name = swcatalog.apple.com.edgesuite.net.globalredir.akadns.net
> swcatalog.apple.com.edgesuite.net.globalredir.akadns.net
Non-authoritative answer:
Server:  UnKnown
Address:  192.168.0.8

swcatalog.apple.com.edgesuite.net.globalredir.akadns.net        canonical name = a976.gi3.akamai.net

a976.gi3.akamai.net     internet address = 184.51.108.24
a976.gi3.akamai.net     internet address = 184.51.108.8

> 8.108.51.184.in-addr.arpa
Non-authoritative answer:
Server:  UnKnown
Address:  192.168.0.8

8.108.51.184.in-addr.arpa       name = a184-51-108-8.deploy.static.akamaitechnologies.com
>

The two IP addresses returned, 184.51.108.24 and 184.51.108.8, are in a block of IP addresses assigned by ARIN to Akamai Technologies.

The reason for the different IP addresses returned for a DNS lookup for swcatalog.apple.com none of which were IP addresses assigned to Apple by a Regional Internet Registry (RIR) is that Apple is using a content delivery network (CDN) provided by Akamai Technologies. So it appears that Apple pays Akamai Technologies to provide servers hosting some of its content closer to end users and Akamai Technologies may in turn be paying the ISP to host its servers in an ISP data center. So a user of that ISP attempting to access updates for Apple software would see a faster response than he/she might otherwise experience, since the servers responding will be fairly close to the user in terms of network hops.

With Wireshark, I found the URL accessed was http://swcatalog.apple.com/content/catalogs/others/index-windows-1.sucatalog. But the web server responding was one in the ISP's IP address space, since swcatlog.apple.com resolved to an IP address assigned to the ISP. So that explained why the Apple Software Update software was estabishing an HTTP connection to an IP address belonging to the ISP.

An Akamai Technologies name server appears to be able to determine the nearest server capable of providing the content and so provide an appropriate IP address. E.g., if I set nslookup to use a Google DNS server so that the ISP's name servers aren't involved in providing the IP address corresponding to swcatalog.apple.com, I still see the ISP's .168 and .169 servers listed if I go through the aliases to reach the canonical address for swcatalog.apple.com.

C:\>nslookup
Default Server:  ns1.acme.local
Address:  192.168.0.5

> server 8.8.8.8
Default Server:  google-public-dns-a.google.com
Address:  8.8.8.8

> set querytype=any
> swcatalog.apple.com
Server:  google-public-dns-a.google.com
Address:  8.8.8.8

Non-authoritative answer:
swcatalog.apple.com     canonical name = swcatalog.apple.com.edgesuite.net
> swcatalog.apple.com.edgesuite.net
Server:  google-public-dns-a.google.com
Address:  8.8.8.8

Non-authoritative answer:
swcatalog.apple.com.edgesuite.net       canonical name = swcatalog.apple.com.edgesuite.net.globalredir.akadns.net
> swcatalog.apple.com.edgesuite.net.globalredir.akadns.net
Server:  google-public-dns-a.google.com
Address:  8.8.8.8

Non-authoritative answer:
swcatalog.apple.com.edgesuite.net.globalredir.akadns.net        canonical name = a976.gi3.akamai.net
> a976.gi3.akamai.net
Server:  google-public-dns-a.google.com
Address:  8.8.8.8

Non-authoritative answer:
a976.gi3.akamai.net     internet address = 72.45.50.169
a976.gi3.akamai.net     internet address = 72.45.50.168
>