How does GeoDNS work?

Say you’re serving static files to clients and want to minimize their request latency. The latency between sending the request and receiving the response is mostly due to the distance between the client and your server, i.e. due to time spent by packets on the network. So the way to reduce this latency is to move your server closer to the client. But since your clients are all over the globe, this means you need many servers, spread all over the globe, so that clients can query the server closest to them. The question then arises: how can you connect a client to the server which is geographically closest to them?

One answer is GeoDNS. When a client queries your DNS server, the DNS server looks up the location of the client based on their public IP address in the DNS query packet. The DNS server finds the closest file server to this location, and returns this file server’s IP address in the DNS answer.

This method relies on some method to resolve an IP address to a geographical coordinate. For instance, geoiptool.com resolves my current IP to a coordinate that is within a kilometer of my real location. This technique is known as geo IP.

So how does geo IP work? All services use a database. The most popular is GeoIP by MaxMind, but there are others. They are available at various levels of granularity. A small one is their IP-to-country database. One file in here is GeoLite2-Country-Blocks-IPv4.csv, which looks like:

network,geoname_id,registered_country_geoname_id,represented_country_geoname_id,is_anonymous_proxy,is_satellite_provider
1.0.0.0/24,2077456,2077456,,0,0
1.0.1.0/24,1814991,1814991,,0,0
1.0.2.0/23,1814991,1814991,,0,0
1.0.4.0/22,2077456,2077456,,0,0
1.0.8.0/21,1814991,1814991,,0,0
1.0.16.0/20,1861060,1861060,,0,0
1.0.32.0/19,1814991,1814991,,0,0
1.0.64.0/18,1861060,1861060,,0,0
...

The first column is an IP address range. The second column identifies the country. We can forget the other columns for now.

An example. My IP yesterday at the weekend was 185.30.54.157. Since the lines are ordered, I can binary search for this, to find all the blocks 185.30.*.*:

185.30.0.0/22,798544,798544,,0,0
185.30.4.0/22,130758,130758,,0,0
185.30.8.0/22,2635167,2635167,,0,0
185.30.12.0/22,2017370,2017370,,0,0
185.30.16.0/22,2017370,2017370,,0,0
185.30.20.0/22,6252001,6252001,,0,0
185.30.24.0/22,2635167,2635167,,0,0
185.30.28.0/22,3017382,3017382,,0,0
185.30.32.0/22,2921044,2921044,,0,0
185.30.36.0/22,272103,272103,,0,0
185.30.40.0/22,2017370,2017370,,0,0
185.30.44.0/22,3175395,3175395,,0,0
185.30.48.0/22,3017382,3017382,,0,0
185.30.52.0/22,2802361,2802361,,0,0
185.30.56.0/22,2750405,2750405,,0,0
185.30.60.0/22,3175395,3175395,,0,0
185.30.64.0/21,3175395,3175395,,0,0
185.30.72.0/22,2963597,2963597,,0,0
185.30.76.0/22,130758,130758,,0,0
185.30.80.0/22,3175395,3175395,,0,0
185.30.84.0/22,690791,690791,,0,0
185.30.88.0/22,587116,587116,,0,0
185.30.92.0/22,3017382,3017382,,0,0
185.30.96.0/22,2017370,2017370,,0,0
185.30.100.0/22,2623032,2623032,,0,0
185.30.104.0/22,2017370,2017370,,0,0
185.30.108.0/22,3175395,3175395,,0,0
185.30.112.0/22,3175395,3175395,,0,0
185.30.116.0/22,2017370,2017370,,0,0
185.30.120.0/22,3057568,3057568,,0,0
185.30.124.0/22,798544,798544,,0,0
185.30.128.0/21,3017382,3017382,,0,0
185.30.136.0/22,3190538,3190538,,0,0
185.30.140.0/22,2510769,2510769,,0,0
185.30.144.0/22,783754,783754,,0,0
185.30.148.0/22,102358,102358,,0,0
185.30.152.0/22,2661886,2661886,,0,0
185.30.156.0/22,2921044,2921044,,0,0
185.30.160.0/22,2623032,2623032,,0,0
185.30.164.0/22,2750405,2750405,,0,0
185.30.172.0/22,2960313,2960313,,0,0
185.30.176.0/22,2750405,2750405,,0,0
185.30.180.0/22,3175395,3175395,,0,0
185.30.184.0/22,2629691,2629691,,0,0
185.30.188.0/22,3175395,3175395,,0,0
185.30.192.0/22,2017370,2017370,,0,0
185.30.196.0/22,2510769,2510769,,0,0
185.30.200.0/22,690791,690791,,0,0
185.30.204.0/22,2750405,2750405,,0,0
185.30.208.0/22,3017382,3017382,,0,0
185.30.212.0/22,2635167,2635167,,0,0
185.30.216.0/22,3017382,3017382,,0,0
185.30.220.0/22,2017370,2017370,,0,0
185.30.224.0/22,3144096,3144096,,0,0
185.30.228.0/22,2017370,2017370,,0,0
185.30.232.0/21,2750405,2750405,,0,0
185.30.240.0/21,2510769,2510769,,0,0
185.30.248.0/22,248816,248816,,0,0
185.30.252.0/22,2802361,2802361,,0,0

To match the third and fourth octets of my IP address, we need to understand those IP address ranges. They are in “CIDR notation”. The range ip/n after the slash matches any IP address whose first n bits match the first n bits of ip. For example, 1.0.64.0/18 matches any IP address whose first 18 bits match the first 18 bits of 1.0.64.0. Since there are 32 bits in an IP address (in IPv4), the range ip/n contains 2^(32-n) IP addresses. Thus a larger n corresponds to a smaller range; incrementing n halves the size of the range. A ip/32 range contains just the one address ip; an ip/0 range contains all addresses.

Most of the ranges above are /22s, which contain 2^(32-22) = 1024 addresses each. There are some /21s, which contain 2048 addresses each. Both of these ranges are awkward to read, because they don’t fall cleanly into an integral number of octets.

It so happens that my IP address, 185.30.54.157, is in the following row, because 185.30.52.0/22 matches 185.30.54.157:

185.30.52.0/22,2802361,2802361,,0,0

This gives me the country id 2802361. What does this mean? MaxMind provide another file in the zip, GeoLite2-Country-Locations-en.csv, with rows like:

geoname_id,locale_code,continent_code,continent_name,country_iso_code,country_name
...
2658434,en,EU,Europe,CH,Switzerland
2661886,en,EU,Europe,SE,Sweden
2750405,en,EU,Europe,NL,Netherlands
2782113,en,EU,Europe,AT,Austria
2802361,en,EU,Europe,BE,Belgium
2921044,en,EU,Europe,DE,Germany
2960313,en,EU,Europe,LU,Luxembourg
2963597,en,EU,Europe,IE,Ireland
2993457,en,EU,Europe,MC,Monaco
...

So the country id for my IP address is Belgium. That’s correct! I was at FOSDEM, a conference in Brussels.

Now, a more interesting question is: how do MaxMind construct their downloadable database? I’ll cover that in a future blog post.

Tagged #dns, #networking.
👋 I'm Jim, a full-stack product engineer. Want to build an amazing product and a profitable business? Read more about me or Get in touch!

Similar posts

How can I do DNS lookup in Go?
Using the Go "net" package to look up IP addresses for a given domain name, using either the C stdlib or a pure Go DNS resolver. 2017-08-03
What do DNS datagrams look like?
The structure and contents of a DNS request datagram, including the header, question section, and how to represent it in C. 2016-12-31
How does reverse DNS lookup work?
Reverse DNS lookup maps an IP address to a domain name by querying PTR records. The mapping is not always consistent with the forward DNS lookup. 2018-02-09
How to run Redis Sentinel
Redis Sentinel provides high availability for Redis. We start a Redis master, then three Redis Sentinel instances. They discover each other, then we trigger a failover. 2019-01-08
What is HTTP keep-alive? What is HTTP request pipelining?
HTTP keep-alive allows reusing the same TCP connection for multiple requests, avoiding the overhead of opening a new connection. HTTP request pipelining sends multiple requests without waiting for their responses. 2018-03-27
How does network address translation work?
NAT allows multiple devices in a local network to share a single public IP address. Routers modify IP and port information in network packets, and manage a translation table. 2018-03-02

Similar posts

How can I do DNS lookup in Go?
Using the Go "net" package to look up IP addresses for a given domain name, using either the C stdlib or a pure Go DNS resolver. 2017-08-03
What do DNS datagrams look like?
The structure and contents of a DNS request datagram, including the header, question section, and how to represent it in C. 2016-12-31
How does reverse DNS lookup work?
Reverse DNS lookup maps an IP address to a domain name by querying PTR records. The mapping is not always consistent with the forward DNS lookup. 2018-02-09
How to run Redis Sentinel
Redis Sentinel provides high availability for Redis. We start a Redis master, then three Redis Sentinel instances. They discover each other, then we trigger a failover. 2019-01-08
What is HTTP keep-alive? What is HTTP request pipelining?
HTTP keep-alive allows reusing the same TCP connection for multiple requests, avoiding the overhead of opening a new connection. HTTP request pipelining sends multiple requests without waiting for their responses. 2018-03-27
How does network address translation work?
NAT allows multiple devices in a local network to share a single public IP address. Routers modify IP and port information in network packets, and manage a translation table. 2018-03-02

More by Jim

What does the dot do in JavaScript?
foo.bar, foo.bar(), or foo.bar = baz - what do they mean? A deep dive into prototypical inheritance and getters/setters. 2020-11-01
Smear phishing: a new Android vulnerability
Trick Android to display an SMS as coming from any contact. Convincing phishing vuln, but still unpatched. 2020-08-06
A probabilistic pub quiz for nerds
A “true or false” quiz where you respond with your confidence level, and the optimal strategy is to report your true belief. 2020-04-26
Time is running out to catch COVID-19
Simulation shows it’s rational to deliberately infect yourself with COVID-19 early on to get treatment, but after healthcare capacity is exceeded, it’s better to avoid infection. Includes interactive parameters and visualizations. 2020-03-14
The inception bar: a new phishing method
A new phishing technique that displays a fake URL bar in Chrome for mobile. A key innovation is the “scroll jail” that traps the user in a fake browser. 2019-04-27
The hacker hype cycle
I got started with simple web development, but because enamored with increasingly esoteric programming concepts, leading to a “trough of hipster technologies” before returning to more productive work. 2019-03-23
Project C-43: the lost origins of asymmetric crypto
Bob invents asymmetric cryptography by playing loud white noise to obscure Alice’s message, which he can cancel out but an eavesdropper cannot. This idea, published in 1944 by Walter Koenig Jr., is the forgotten origin of asymmetric crypto. 2019-02-16
How Hacker News stays interesting
Hacker News buried my post on conspiracy theories in my family due to overheated discussion, not censorship. Moderation keeps the site focused on interesting technical content. 2019-01-26
My parents are Flat-Earthers
For decades, my parents have been working up to Flat-Earther beliefs. From Egyptology to Jehovah’s Witnesses to theories that human built the Moon billions of years in the future. Surprisingly, it doesn’t affect their successful lives very much. For me, it’s a fun family pastime. 2019-01-20
The dots do matter: how to scam a Gmail user
Gmail’s “dots don’t matter” feature lets scammers create an account on, say, Netflix, with your email address but different dots. Results in convincing phishing emails. 2018-04-07
The sorry state of OpenSSL usability
OpenSSL’s inadequate documentation, confusing key formats, and deprecated interfaces make it difficult to use, despite its importance. 2017-12-02
I hate telephones
I hate telephones. Some rational reasons: lack of authentication, no spam filtering, forced synchronous communication. But also just a visceral fear. 2017-11-08
The Three Ts of Time, Thought and Typing: measuring cost on the web
Businesses often tout “free” services, but the real costs come in terms of time, thought, and typing required from users. Reducing these “Three Ts” is key to improving sign-up flows and increasing conversions. 2017-10-26
Granddad died today
Granddad died. The unspoken practice of death-by-dehydration in the NHS. The Liverpool Care Pathway. Assisted dying in the UK. The importance of planning in end-of-life care. 2017-05-19
How do I call a program in C, setting up standard pipes?
A C function to create a new process, set up its standard input/output/error pipes, and return a struct containing the process ID and pipe file descriptors. 2017-02-17
Your syntax highlighter is wrong
Syntax highlighters make value judgments about code. Most highlighters judge that comments are cruft, and try to hide them. Most diff viewers judge that code deletions are bad. 2014-05-11

This page copyright James Fisher 2017. Content is not associated with my employer. Found an error? Edit this page.

Jim Fisher
CV
Speaking
Blogroll
RSS
TigYog
Kickabout