2014-03-18

To provide geolocation-aware answers with BIND, a common
solution is to use a patch adding GeoIP support. A client can
be directed to the closest (and hopefully fastest) web server:

However, an end user does not usually talk directly to authoritative
servers. They proxy the query to a third-party recursor server
which will query the authoritative server on their behalf. The
recursor also caches the answer to be able to serve it directly to
other clients.

In most cases, we can still rely on the recursor's GeoIP location to
forward the client to the closest web server because the recursor is
located in the client’s ISP network, as shown in the following diagram:



Juan is located in China and wants to know the IP address of
www.example.com. She queries her ISP resolver.

The resolver asks the authoritative server for the answer.

Because the IP address of the resolver is located in China, the
authoritative server decides to answer with the IP address of the
web server located in Japan which is the closest one.

Juan can now enjoy short round-trips with the web server.

However, this is not the case when using a public recursor such as those
provided by Google or OpenDNS. In this case, the IP address of the end
client and the source IP address of the recursor may not share the same
locality. For example, in the following diagram, the authoritative
server now thinks it is dealing with a European customer and
answers with the IP address of the web server located in Europe:



Moreover, caching makes the problem worse.

To solve this problem, a new EDNS extension to expose the client
subnet has been proposed. When using this extension, the recursor
provides the client subnet to the authoritative server so that it can
build an optimized reply. The subnet is vague enough to respect the
client’s privacy but precise enough to locate the client. A patched
version of dig allows one to make queries with this new extension:

In the above example, a client located in France gets a reply with two IP
addresses located in France. If we are now a US client, we will get
IP addresses located in the US:

The recursor is expected to cache the two different answers and only
serve them if the client matches the appropriate subnet (the one
confirmed in the answer from the authoritative server). With this new
extension, the authoritative server knows that Juan is located in
China and answers with the appropriate IP address:
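
The option the recursor sends and the scoped caching described above, as an added example that is not part of the original post or of the Dailymotion patch. It assumes the wire format later standardized in RFC 7871 (option code 8); `SubnetCache`, the function names and the documentation addresses are constructed for illustration.

```python
import ipaddress
import struct

ECS_OPTION_CODE = 8  # EDNS Client Subnet option code (RFC 7871)

def encode_ecs(client_ip, source_prefix, scope_prefix=0):
    """Build the option: only the subnet is sent, host bits are dropped."""
    net = ipaddress.ip_network(f"{client_ip}/{source_prefix}", strict=False)
    family = 1 if net.version == 4 else 2  # 1 = IPv4, 2 = IPv6
    addr = net.network_address.packed[:(source_prefix + 7) // 8]
    body = struct.pack("!HBB", family, source_prefix, scope_prefix) + addr
    return struct.pack("!HH", ECS_OPTION_CODE, len(body)) + body

def decode_ecs(option):
    """Parse an option into (subnet, scope prefix); reject malformed input."""
    if len(option) < 8:
        raise ValueError("truncated option")
    code, length, family, source, scope = struct.unpack("!HHHBB", option[:8])
    addr, size = option[8:], {1: 4, 2: 16}.get(family)
    if code != ECS_OPTION_CODE or length != len(option) - 4 or size is None:
        raise ValueError("not a client-subnet option")
    if source > size * 8 or len(addr) != (source + 7) // 8:
        raise ValueError("address length does not match prefix length")
    ip = ipaddress.ip_address(addr.ljust(size, b"\x00"))
    return ipaddress.ip_network(f"{ip}/{source}"), scope  # strict: host bits must be 0

class SubnetCache:
    """Recursor cache: an answer is reused only for clients inside its scope."""
    def __init__(self):
        self.entries = []  # (name, network the answer is valid for, answer)

    def store(self, name, reply_option, answer):
        net, scope = decode_ecs(reply_option)
        # A scope longer than the prefix we sent cannot be honoured: cap it.
        valid_for = net.supernet(new_prefix=min(scope, net.prefixlen))
        self.entries.append((name, valid_for, answer))

    def lookup(self, name, client_ip):
        ip = ipaddress.ip_address(client_ip)
        for cached_name, net, answer in self.entries:
            if cached_name == name and ip in net:
                return answer
        return None  # miss: ask the authoritative server again

if __name__ == "__main__":
    cache = SubnetCache()  # constructed sample: documentation addresses only
    cache.store("www.example.com", encode_ecs("192.0.2.77", 24, 16), "203.0.113.10")
    print(cache.lookup("www.example.com", "192.0.200.5"))   # inside 192.0.0.0/16
    print(cache.lookup("www.example.com", "198.51.100.9"))  # outside the scope
```

The strict parse in `decode_ecs` matters on the authoritative side: an option whose address carries bits beyond the stated prefix is rejected rather than silently used for geolocation.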



Not many authoritative servers support this extension (PowerDNS
and gdnsd, as far as I know). At Dailymotion, we have built a
patch for BIND. It only works when BIND is
configured as an authoritative server and it doesn’t expose any
configuration knobs. Feel free to use it (at your own risk). Once
installed, you need to register with OpenDNS and with
Google to receive queries with the extension enabled.
