Answer the question
In order to leave comments, you need to log in
Google public DNS and user country determination. How?
For a site with staggered servers, we set up GeoDNS on our DNS server. We determine the country on the Bind by the IP address of the client, using the GeoIP base from Maxmind.
For the emuzo.net domain on the ns-server ns1.emuzo.net and ns2.emuzo.net we give ip ( IP-addresses 127.х.х.х are registered on DNS servers for visual purposes. ):
127.0.1.1 for USA
127.0 .1.2 for Germany
127.0.1.3 for Ukraine
127.0.1.4 for Russia
127.0.1.100 for all other countries
Everything works, but at the same time, we found that the user's country was determined incorrectly when he used DNS servers from Google (8.8.8.8).
So, for example, when using Google Public DNS in Ukraine, Google's recursive dns server 8.8.8.8 accesses our Bind from IP addresses that are determined by the Maxmind database as either DE or US, because are included in Google IP blocks.
Accordingly, the user is directed to 127.0.1.1 (USA) or 127.0.1.2 (Germany) instead of 127.0.1.3 (Ukraine).
Request from Ukraine using ISP DNS:
nslookup emuzo.net
╤хЁтхЁ: ns3.farlep.net
Address: 213.130.4.1 Untrustworthy
response:
╚ь : emuzo.net
Address: 127.0.1.3 — Ukraine
Request from Ukraine using Google DNS Public DNS:
nslookup emuzo.net 8.8.8.8
╤хЁтхЁ: google-public-dns-a.google.com
Address: 8.8.8.8 Untrustworthy
answer:
╚ь : emuzo.net
Address: 127.0.1.2 - Germany
We
tried a paid service. When using the GeoDNS function from the leading DNS hosting service Zerigo.net, the situation is similar.
In the service settings, I registered the following IN A records for the emuzo.info domain:
127.0.0.1 for the USA
127.0.0.2 for Germany
127.0.0.3 for Ukraine
127.0.0.4 for Russia
127.0.0.5 for the rest of Europe
127.0.0.100 for all other countries
Request from Ukraine using ISP's DNS:
nslookup emuzo.info
╤хЁхЁ: ns3.farlep.net
Address: 213.130.4.1 Untrustworthy
response:
╚ь: emuzo.info
Address: 127.0.0.3 — Ukraine
Request from Ukraine using DNS-s Google Public DNS:
nslookup emuzo.info 8.8.8.8
╤хЁtхЁ: google-public-dns-a.google.com
Address: 8.8. 8.8 Untrustworthy
answer:
╚ь : emuzo.info
Address: 127.0.0.1 - USA
We have already come to terms with this problem as a GeoDNS overhead, BUT a CDN service (a content delivery network consisting of servers scattered around the world) accidentally came into view ) that solves this problem.
This CDN network provided the subdomain 493511490.r.cdnua.net for our tasks
;
And these DNS servers, unlike ours and Zerigo.net, correctly direct the user to servers in the desired country, even when the user uses DNS from Google.
Request from Ukraine using ISP's DNS:
nslookup 493511490.r.cdnua.net
╤хЁхЁ: ns3.farlep.net
Address: 213.130.4.1 Untrustworthy
response:
╚ь : 493511490.r.cdnua.net
Address: 82.118. 16.222 - Ukraine Query from Ukraine using Google
Public
DNS
:
nslookup
493511490.r.cdnua.net
╚ь: 493511490.r.cdnua.net
Address: 82.118.16.222 – Ukraine
directs to 82.118.16.222, located in Kharkov. Sometimes throws on the Kyiv server 77.222.131.2.
Now the question is: HOW does it work?
there was an idea that Google uses several IPs for each country, from which it recursively accesses an authoritative server. And the CDN network knows these addresses.
But a deep analysis of the DNS queries of another large site showed that, for example, the Google ip 74.125.189.18, which is actually presumably located in Germany, is used in recursive DNS queries from users not only in Ukraine, but also in Algeria, Egypt, Pakistan and other countries.
Help, please, to understand.
Thanks to everyone who read to the end! )
Answer the question
In order to leave comments, you need to log in
thanks, figured it out
Developers.google.com
In addition, Google Public DNS engineers have proposed a technical solution to the issue in an IETF draft, Client subnet information in DNS requests. This proposal defines an EDNS0 extension which allows resolvers to pass in part of the client's IP address as the source IP in the DNS message, so that nameservers can return optimized results based on the user's location rather than that of the resolver.
everything is passed in the extended header of the DNS request. That's how!
Thanks everyone, issue closed
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question