How does GeoDNS work?
Say you’re serving static files to clients and want to minimize their request latency. The latency between sending the request and receiving the response is mostly due to the distance between the client and your server, i.e. due to time spent by packets on the network. So the way to reduce this latency is to move your server closer to the client. But since your clients are all over the globe, this means you need many servers, spread all over the globe, so that clients can query the server closest to them. The question then arises: how can you connect a client to the server which is geographically closest to them?
One answer is GeoDNS. When a client queries your DNS server, the DNS server looks up the location of the client based on their public IP address in the DNS query packet. The DNS server finds the closest file server to this location, and returns this file server’s IP address in the DNS answer.
This relies on some way to resolve an IP address to a geographical coordinate. For instance, geoiptool.com resolves my current IP to a coordinate that is within a kilometer of my real location. This technique is known as geo IP.
So how does geo IP work? All services use a database. The most popular is GeoIP by MaxMind, but there are others. They are available at various levels of granularity. A small one is their IP-to-country database. One file in here is GeoLite2-Country-Blocks-IPv4.csv, which looks like:

    network,geoname_id,registered_country_geoname_id,represented_country_geoname_id,is_anonymous_proxy,is_satellite_provider
    184.108.40.206/24,2077456,2077456,,0,0
    220.127.116.11/24,1814991,1814991,,0,0
    18.104.22.168/23,1814991,1814991,,0,0
    22.214.171.124/22,2077456,2077456,,0,0
    126.96.36.199/21,1814991,1814991,,0,0
    188.8.131.52/20,1861060,1861060,,0,0
    184.108.40.206/19,1814991,1814991,,0,0
    220.127.116.11/18,1861060,1861060,,0,0
    ...

The first column is an IP address range. The second column identifies the country. We can forget the other columns for now.
An example. My IP yesterday at the weekend was 18.104.22.168. Since the lines are ordered, I can binary search for this, to find all the blocks

    22.214.171.124/22,798544,798544,,0,0
    126.96.36.199/22,130758,130758,,0,0
    188.8.131.52/22,2635167,2635167,,0,0
    184.108.40.206/22,2017370,2017370,,0,0
    220.127.116.11/22,2017370,2017370,,0,0
    18.104.22.168/22,6252001,6252001,,0,0
    22.214.171.124/22,2635167,2635167,,0,0
    126.96.36.199/22,3017382,3017382,,0,0
    188.8.131.52/22,2921044,2921044,,0,0
    184.108.40.206/22,272103,272103,,0,0
    220.127.116.11/22,2017370,2017370,,0,0
    18.104.22.168/22,3175395,3175395,,0,0
    22.214.171.124/22,3017382,3017382,,0,0
    126.96.36.199/22,2802361,2802361,,0,0
    188.8.131.52/22,2750405,2750405,,0,0
    184.108.40.206/22,3175395,3175395,,0,0
    220.127.116.11/21,3175395,3175395,,0,0
    18.104.22.168/22,2963597,2963597,,0,0
    22.214.171.124/22,130758,130758,,0,0
    126.96.36.199/22,3175395,3175395,,0,0
    188.8.131.52/22,690791,690791,,0,0
    184.108.40.206/22,587116,587116,,0,0
    220.127.116.11/22,3017382,3017382,,0,0
    18.104.22.168/22,2017370,2017370,,0,0
    22.214.171.124/22,2623032,2623032,,0,0
    126.96.36.199/22,2017370,2017370,,0,0
    188.8.131.52/22,3175395,3175395,,0,0
    184.108.40.206/22,3175395,3175395,,0,0
    220.127.116.11/22,2017370,2017370,,0,0
    18.104.22.168/22,3057568,3057568,,0,0
    22.214.171.124/22,798544,798544,,0,0
    126.96.36.199/21,3017382,3017382,,0,0
    188.8.131.52/22,3190538,3190538,,0,0
    184.108.40.206/22,2510769,2510769,,0,0
    220.127.116.11/22,783754,783754,,0,0
    18.104.22.168/22,102358,102358,,0,0
    22.214.171.124/22,2661886,2661886,,0,0
    126.96.36.199/22,2921044,2921044,,0,0
    188.8.131.52/22,2623032,2623032,,0,0
    184.108.40.206/22,2750405,2750405,,0,0
    220.127.116.11/22,2960313,2960313,,0,0
    18.104.22.168/22,2750405,2750405,,0,0
    22.214.171.124/22,3175395,3175395,,0,0
    126.96.36.199/22,2629691,2629691,,0,0
    188.8.131.52/22,3175395,3175395,,0,0
    184.108.40.206/22,2017370,2017370,,0,0
    220.127.116.11/22,2510769,2510769,,0,0
    18.104.22.168/22,690791,690791,,0,0
    22.214.171.124/22,2750405,2750405,,0,0
    126.96.36.199/22,3017382,3017382,,0,0
    188.8.131.52/22,2635167,2635167,,0,0
    184.108.40.206/22,3017382,3017382,,0,0
    220.127.116.11/22,2017370,2017370,,0,0
    18.104.22.168/22,3144096,3144096,,0,0
    22.214.171.124/22,2017370,2017370,,0,0
    126.96.36.199/21,2750405,2750405,,0,0
    188.8.131.52/21,2510769,2510769,,0,0
    184.108.40.206/22,248816,248816,,0,0
    220.127.116.11/22,2802361,2802361,,0,0

To match the third and fourth octets of my IP address, we need to understand those IP address ranges. They are in “CIDR notation”. The range ip/n, with n the number after the slash, matches any IP address whose first n bits match the first n bits of ip. For example, 18.104.22.168/18 matches any IP address whose first 18 bits match the first 18 bits of 22.214.171.124. Since there are 32 bits in an IP address (in IPv4), the range ip/n contains 2^(32-n) IP addresses. Thus a larger n corresponds to a smaller range; incrementing n halves the size of the range. An ip/32 range contains just the one address ip; an ip/0 range contains all addresses.
Most of the ranges above are /22s, which contain 2^(32-22) = 1024 addresses each. There are some /21s, which contain 2048 addresses each. Both of these ranges are awkward to read, because they don’t fall cleanly into an integral number of octets.
It so happens that my IP address, 126.96.36.199, is in the following row, because
This gives me the country id 2802361. What does this mean? MaxMind provide another file in the zip, GeoLite2-Country-Locations-en.csv, with rows like:

    geoname_id,locale_code,continent_code,continent_name,country_iso_code,country_name
    ...
    2658434,en,EU,Europe,CH,Switzerland
    2661886,en,EU,Europe,SE,Sweden
    2750405,en,EU,Europe,NL,Netherlands
    2782113,en,EU,Europe,AT,Austria
    2802361,en,EU,Europe,BE,Belgium
    2921044,en,EU,Europe,DE,Germany
    2960313,en,EU,Europe,LU,Luxembourg
    2963597,en,EU,Europe,IE,Ireland
    2993457,en,EU,Europe,MC,Monaco
    ...

So the country id for my IP address is Belgium. That’s correct! I was at FOSDEM, a conference in Brussels.
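The whole lookup described above (binary search over the sorted blocks, a CIDR prefix check, then the join against the locations file) can be written out as follows. This is an added example, not code from the original post: the function names are hypothetical, and the block rows are constructed with private-range placeholder networks rather than real GeoLite2 data; only the geoname ids and country names come from the excerpts above.

```python
import bisect
import csv
import io
import ipaddress

# Constructed sample rows in the GeoLite2-Country-Blocks-IPv4.csv layout.
# The networks are private-range placeholders, not real GeoLite2 data.
BLOCKS_CSV = """network,geoname_id,registered_country_geoname_id,represented_country_geoname_id,is_anonymous_proxy,is_satellite_provider
10.0.0.0/22,2750405,2750405,,0,0
10.0.4.0/22,2921044,2921044,,0,0
10.0.8.0/21,2802361,2802361,,0,0
10.0.32.0/19,2750405,2750405,,0,0
"""

LOCATIONS_CSV = """geoname_id,locale_code,continent_code,continent_name,country_iso_code,country_name
2750405,en,EU,Europe,NL,Netherlands
2802361,en,EU,Europe,BE,Belgium
2921044,en,EU,Europe,DE,Germany
"""

def load_blocks(text):
    """Return (sorted start addresses, parallel list of (network, geoname_id))."""
    rows = []
    for row in csv.DictReader(io.StringIO(text)):
        net = ipaddress.ip_network(row["network"])
        rows.append((int(net.network_address), net, row["geoname_id"]))
    rows.sort(key=lambda r: r[0])
    return [r[0] for r in rows], [(r[1], r[2]) for r in rows]

def load_countries(text):
    return {r["geoname_id"]: r["country_name"] for r in csv.DictReader(io.StringIO(text))}

def lookup(ip, starts, blocks, countries):
    """Binary search for the last block starting at or below ip, then confirm
    the first n bits really match (the address may fall in a gap)."""
    addr = ipaddress.ip_address(ip)
    i = bisect.bisect_right(starts, int(addr)) - 1
    if i < 0 or addr not in blocks[i][0]:
        return None
    net, geoname_id = blocks[i]
    return str(net), countries.get(geoname_id)

STARTS, BLOCKS = load_blocks(BLOCKS_CSV)
COUNTRIES = load_countries(LOCATIONS_CSV)

if __name__ == "__main__":
    for ip in ("10.0.13.7", "10.0.5.1", "10.0.20.1"):
        print(ip, lookup(ip, STARTS, BLOCKS, COUNTRIES))
```

The 10.0.8.0/21 row covers 10.0.8.0 through 10.0.15.255, which is why 10.0.13.7 matches it even though the third octets differ; 10.0.20.1 lands after that block's start but outside its 2048 addresses, so the prefix check rejects it.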
Now, a more interesting question is: how do MaxMind construct their downloadable database? I’ll cover that in a future blog post.
All content copyright James Fisher 2017. This post is not associated with my employer.