Domain Name System
DRUN, 2012-11-12 19:41:10

Google public DNS and user country determination. How?

For a site with geographically distributed servers, we set up GeoDNS on our DNS server. In BIND, we determine the country from the client's IP address using the GeoIP database from MaxMind.

For the emuzo.net domain, the name servers ns1.emuzo.net and ns2.emuzo.net return the following IPs (the 127.x.x.x addresses are configured on the DNS servers for illustration):
127.0.1.1 for USA
127.0.1.2 for Germany
127.0.1.3 for Ukraine
127.0.1.4 for Russia
127.0.1.100 for all other countries

Everything works, but we found that the user's country is determined incorrectly when the user uses Google's DNS servers (8.8.8.8).
For example, when Google Public DNS is used in Ukraine, Google's recursive DNS server 8.8.8.8 queries our BIND from IP addresses that the MaxMind database identifies as either DE or US, because they belong to Google's IP blocks.
As a result, the user is directed to 127.0.1.1 (USA) or 127.0.1.2 (Germany) instead of 127.0.1.3 (Ukraine).

Request from Ukraine using ISP DNS:
nslookup emuzo.net
Server: ns3.farlep.net
Address: 213.130.4.1
Non-authoritative answer:
Name: emuzo.net
Address: 127.0.1.3 — Ukraine

Request from Ukraine using Google Public DNS:
nslookup emuzo.net 8.8.8.8
Server: google-public-dns-a.google.com
Address: 8.8.8.8
Non-authoritative answer:
Name: emuzo.net
Address: 127.0.1.2 - Germany

We tried a paid service. When using the GeoDNS function from the leading DNS hosting service Zerigo.net, the situation is similar.
In the service settings, I registered the following IN A records for the emuzo.info domain:
127.0.0.1 for the USA
127.0.0.2 for Germany
127.0.0.3 for Ukraine
127.0.0.4 for Russia
127.0.0.5 for the rest of Europe
127.0.0.100 for all other countries

Request from Ukraine using ISP's DNS:
nslookup emuzo.info
Server: ns3.farlep.net
Address: 213.130.4.1
Non-authoritative answer:
Name: emuzo.info
Address: 127.0.0.3 — Ukraine

Request from Ukraine using Google Public DNS:
nslookup emuzo.info 8.8.8.8
Server: google-public-dns-a.google.com
Address: 8.8.8.8
Non-authoritative answer:
Name: emuzo.info
Address: 127.0.0.1 - USA

We had already come to terms with this problem as a GeoDNS overhead, BUT we accidentally came across a CDN service (a content delivery network consisting of servers scattered around the world) that solves this problem.

This CDN network provided the subdomain 493511490.r.cdnua.net for our tasks.

And these DNS servers, unlike ours and Zerigo.net, correctly direct the user to servers in the desired country, even when the user uses DNS from Google.

Request from Ukraine using ISP's DNS:
nslookup 493511490.r.cdnua.net
Server: ns3.farlep.net
Address: 213.130.4.1
Non-authoritative answer:
Name: 493511490.r.cdnua.net
Address: 82.118.16.222 - Ukraine

Query from Ukraine using Google Public DNS:
nslookup 493511490.r.cdnua.net
Name: 493511490.r.cdnua.net
Address: 82.118.16.222 – Ukraine


It directs to 82.118.16.222, located in Kharkov. Sometimes it sends us to the Kyiv server 77.222.131.2.

Now the question is: HOW does it work?

There was an idea that Google uses several IPs for each country, from which it recursively queries an authoritative server, and that the CDN network knows these addresses.
But a deep analysis of the DNS queries of another large site showed that, for example, the Google IP 74.125.189.18, which is presumably actually located in Germany, is used in recursive DNS queries from users not only in Ukraine, but also in Algeria, Egypt, Pakistan and other countries.

Please help us understand.

Thanks to everyone who read to the end! )

2 answer(s)
DRUN, 2012-11-13
@DRUN

Thanks, figured it out.
Developers.google.com
In addition, Google Public DNS engineers have proposed a technical solution to the issue in an IETF draft, Client subnet information in DNS requests. This proposal defines an EDNS0 extension which allows resolvers to pass in part of the client's IP address as the source IP in the DNS message, so that nameservers can return optimized results based on the user's location rather than that of the resolver.
Everything is passed in the extended header of the DNS request. That's how!
Thanks everyone, issue closed.
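
How the EDNS0 client-subnet option quoted in this answer changes the authoritative server's geo decision, as an added Python example (not code from the thread, BIND or any CDN). The function names are hypothetical, the GeoIP table is constructed from documentation prefixes, and only IPv4 with option code 8 is handled.

```python
import ipaddress
import struct

ECS = 8  # EDNS0 option code of the Client Subnet option (OPT itself is RR type 41)
GEO = {ipaddress.ip_network("192.0.2.0/24"): "127.0.1.2",     # constructed: resolver block, DE
       ipaddress.ip_network("198.51.100.0/24"): "127.0.1.3"}  # constructed: client ISP, UA

def build_query(name, ecs=None):
    """Build an A query with an OPT record; ecs is an optional IPv4 'addr/prefix'."""
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\0"
    opts = b""
    if ecs:
        net = ipaddress.ip_network(ecs)
        addr = net.network_address.packed[:(net.prefixlen + 7) // 8]  # truncated address
        body = struct.pack("!HBB", 1, net.prefixlen, 0) + addr  # family 1 = IPv4, scope 0
        opts = struct.pack("!HH", ECS, len(body)) + body
    header = struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0, 1)  # 1 question, 1 additional
    opt_rr = b"\0" + struct.pack("!HHIH", 41, 4096, 0, len(opts)) + opts
    return header + qname + struct.pack("!HH", 1, 1) + opt_rr

def client_subnet(msg):
    """Return the IPv4 ECS network in a single-question query, or None if absent."""
    arcount, pos = struct.unpack("!H", msg[10:12])[0], 12
    while msg[pos]:  # skip the QNAME labels (a question name is not compressed)
        pos += msg[pos] + 1
    pos += 5  # root label, QTYPE, QCLASS
    for _ in range(arcount):
        if msg[pos] != 0:  # OPT is owned by the root name; other records are not handled
            return None
        rtype, _size, _ttl, rdlen = struct.unpack("!HHIH", msg[pos + 1:pos + 11])
        rdata, pos = msg[pos + 11:pos + 11 + rdlen], pos + 11 + rdlen
        i = 0
        while rtype == 41 and i + 4 <= len(rdata):
            code, olen = struct.unpack("!HH", rdata[i:i + 4])
            val, i = rdata[i + 4:i + 4 + olen], i + 4 + olen
            if code == ECS and len(val) >= 4:
                family, prefix, _scope = struct.unpack("!HBB", val[:4])
                if family == 1 and prefix <= 32:
                    return ipaddress.IPv4Network((val[4:8].ljust(4, b"\0"), prefix), strict=False)
    return None

def answer_for(msg, resolver_ip):
    """Geolocate by the forwarded client subnet when present, else by the resolver's IP."""
    try:
        net = client_subnet(msg)
    except (IndexError, struct.error):
        net = None  # malformed query: fall back to the resolver address
    key = net.network_address if net is not None else ipaddress.ip_address(resolver_ip)
    return next((a for block, a in GEO.items() if key in block), "127.0.1.100")  # else: all others
```

The subnet is whatever the sender of the query put in the option, so it is a hint for server selection and not proof of where the user is.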

mastini, 2012-11-12
@mastini

Not an answer, but I'll post it anyway.
We have come to terms with this at our CDN.
Having tried everything, we simply double-check the IP on the CDN stacks and do a redirect if the IP is from another zone.
It will be necessary to look at this cdnua.
