On Linux I do curl to api.binance.com
website and it gives me very long ms latency 0.177s, although the server is located just near binance servers.
# curl -o /dev/null -s -w 'Total: %{time_total}s\n' "https://api.binance.com/api/v3/time"
Total: 0.177313s
# curl -v -X GET "https://api.binance.com/api/v3/time"
Note: Unnecessary use of -X or --request, GET is already inferred.
* Trying 52.85.241.102:443...
* TCP_NODELAY set
* Connected to api.binance.com (52.85.241.102) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-certificates.crt
CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_128_GCM_SHA256
* ALPN, server accepted to use h2
* Server certificate:
* subject: C=KY; L=West Bay; O=Binance Holdings Limited; CN=*.binance.com
* start date: Feb 9 00:00:00 2023 GMT
* expire date: Feb 16 23:59:59 2024 GMT
* subjectAltName: host "api.binance.com" matched cert's "*.binance.com"
* issuer: C=US; O=DigiCert Inc; OU=www.digicert.com; CN=GeoTrust RSA CA 2018
* SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0x55beb5cf0300)
> GET /api/v3/time HTTP/2
> Host: api.binance.com
> user-agent: curl/7.68.0
> accept: */*
>
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* Connection state changed (MAX_CONCURRENT_STREAMS == 128)!
< HTTP/2 200
< content-type: application/json;charset=UTF-8
< content-length: 28
< date: Tue, 17 Oct 2023 22:52:16 GMT
< server: nginx
< x-mbx-uuid: fb406f0d-016b-4bf4-8866-0247a6b7b2ef
< x-mbx-used-weight: 1
< x-mbx-used-weight-1m: 1
< strict-transport-security: max-age=31536000; includeSubdomains
< x-frame-options: SAMEORIGIN
< x-xss-protection: 1; mode=block
< x-content-type-options: nosniff
< content-security-policy: default-src 'self'
< x-content-security-policy: default-src 'self'
< x-webkit-csp: default-src 'self'
< cache-control: no-cache, no-store, must-revalidate
< pragma: no-cache
< expires: 0
< access-control-allow-origin: *
< access-control-allow-methods: GET, HEAD, OPTIONS
< x-cache: Miss from cloudfront
< via: 1.1 a62f7ce6b39c676fcfdde0f9a6fcf08e.cloudfront.net (CloudFront)
< x-amz-cf-pop: ARN1-C1
< x-amz-cf-id: DYu01YZH94O-f5FVTEfzM9MFDwm6_HutV0Sz24IiKDi-5p9VKf7sRg==
<
* Connection #0 to host api.binance.com left intact
{"serverTime":1697583136754}
Let's fin closest binance server:
# dig api.binance.com +short
d3h36i1mno13q3.cloudfront.net.
18.238.65.94
We see new IP address 18.238.65.94. Now let's check and replace:
# curl -o /dev/null -s -w 'Total: %{time_total}s\n' "http://18.238.65.94/api/v3/time"
Total: 0.023214s
Very good, 0.023s latency is perfect. Let's get http content:
# curl -X GET "http://18.238.65.94/api/v3/time"
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<HTML><HEAD><META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
<TITLE>ERROR: The request could not be satisfied</TITLE>
</HEAD><BODY>
<H1>403 ERROR</H1>
<H2>The request could not be satisfied.</H2>
<HR noshade size="1px">
Bad request.
We can't connect to the server for this app or website at this time. There might be too much traffic or a configuration error. Try again later, or contact the app or website owner.
<BR clear="all">
If you provide content to customers through CloudFront, you can find steps to troubleshoot and help prevent this error by reviewing the CloudFront documentation.
<BR clear="all">
<HR noshade size="1px">
<PRE>
Generated by cloudfront (CloudFront)
Request ID: bJnE_LCwjuJSaxKb-e0X_A9qnpeYuACYLonB2l5t4lLo9SLNonkXiA==
</PRE>
<ADDRESS>
</ADDRESS>
</BODY></HTML>
If I add SSL, getting another error:
# curl -X GET "https://18.238.65.94/api/v3/time"
curl: (60) SSL: no alternative certificate subject name matches target host name '18.238.65.94'
More details here: https://curl.se/docs/sslcerts.html
curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.
As we see, both requests give errors.
Q: So, how can I correctly change api.binance.com
network root for IP that I found with closest server and get http results?
--connect-to
or--resolve
; see the man page. But I concur this will only speed connection to the CF frontend, not response from the actual Binance server(s). And it will always be https, not http which is slightly faster but not secure. PS: the word you wanted is network 'route' not 'root'.