Learn more about Russian war crimes in Ukraine.

How does GeoDNS work?

Say you’re serving static files to clients and want to minimize their request latency. The latency between sending the request and receiving the response is mostly due to the distance between the client and your server, i.e. due to time spent by packets on the network. So the way to reduce this latency is to move your server closer to the client. But since your clients are all over the globe, this means you need many servers, spread all over the globe, so that clients can query the server closest to them. The question then arises: how can you connect a client to the server which is geographically closest to them?

One answer is GeoDNS. When a client queries your DNS server, the DNS server looks up the location of the client based on their public IP address in the DNS query packet. The DNS server finds the closest file server to this location, and returns this file server’s IP address in the DNS answer.

This method relies on some method to resolve an IP address to a geographical coordinate. For instance, geoiptool.com resolves my current IP to a coordinate that is within a kilometer of my real location. This technique is known as geo IP.

So how does geo IP work? All services use a database. The most popular is GeoIP by MaxMind, but there are others. They are available at various levels of granularity. A small one is their IP-to-country database. One file in here is GeoLite2-Country-Blocks-IPv4.csv, which looks like:


The first column is an IP address range. The second column identifies the country. We can forget the other columns for now.

An example. My IP yesterday at the weekend was Since the lines are ordered, I can binary search for this, to find all the blocks 185.30.*.*:,798544,798544,,0,0,130758,130758,,0,0,2635167,2635167,,0,0,2017370,2017370,,0,0,2017370,2017370,,0,0,6252001,6252001,,0,0,2635167,2635167,,0,0,3017382,3017382,,0,0,2921044,2921044,,0,0,272103,272103,,0,0,2017370,2017370,,0,0,3175395,3175395,,0,0,3017382,3017382,,0,0,2802361,2802361,,0,0,2750405,2750405,,0,0,3175395,3175395,,0,0,3175395,3175395,,0,0,2963597,2963597,,0,0,130758,130758,,0,0,3175395,3175395,,0,0,690791,690791,,0,0,587116,587116,,0,0,3017382,3017382,,0,0,2017370,2017370,,0,0,2623032,2623032,,0,0,2017370,2017370,,0,0,3175395,3175395,,0,0,3175395,3175395,,0,0,2017370,2017370,,0,0,3057568,3057568,,0,0,798544,798544,,0,0,3017382,3017382,,0,0,3190538,3190538,,0,0,2510769,2510769,,0,0,783754,783754,,0,0,102358,102358,,0,0,2661886,2661886,,0,0,2921044,2921044,,0,0,2623032,2623032,,0,0,2750405,2750405,,0,0,2960313,2960313,,0,0,2750405,2750405,,0,0,3175395,3175395,,0,0,2629691,2629691,,0,0,3175395,3175395,,0,0,2017370,2017370,,0,0,2510769,2510769,,0,0,690791,690791,,0,0,2750405,2750405,,0,0,3017382,3017382,,0,0,2635167,2635167,,0,0,3017382,3017382,,0,0,2017370,2017370,,0,0,3144096,3144096,,0,0,2017370,2017370,,0,0,2750405,2750405,,0,0,2510769,2510769,,0,0,248816,248816,,0,0,2802361,2802361,,0,0

To match the third and fourth octets of my IP address, we need to understand those IP address ranges. They are in “CIDR notation”. The range ip/n after the slash matches any IP address whose first n bits match the first n bits of ip. For example, matches any IP address whose first 18 bits match the first 18 bits of Since there are 32 bits in an IP address (in IPv4), the range ip/n contains 2^(32-n) IP addresses. Thus a larger n corresponds to a smaller range; incrementing n halves the size of the range. A ip/32 range contains just the one address ip; an ip/0 range contains all addresses.

Most of the ranges above are /22s, which contain 2^(32-22) = 1024 addresses each. There are some /21s, which contain 2048 addresses each. Both of these ranges are awkward to read, because they don’t fall cleanly into an integral number of octets.

It so happens that my IP address,, is in the following row, because matches,2802361,2802361,,0,0

This gives me the country id 2802361. What does this mean? MaxMind provide another file in the zip, GeoLite2-Country-Locations-en.csv, with rows like:


So the country id for my IP address is Belgium. That’s correct! I was at FOSDEM, a conference in Brussels.

Now, a more interesting question is: how do MaxMind construct their downloadable database? I’ll cover that in a future blog post.

What can computers do? What are the limits of mathematics? And just how busy can a busy beaver be? This year, I’m writing Busy Beavers, a unique interactive book on computability theory. You and I will take a practical and modern approach to answering these questions — or at least learning why some questions are unanswerable!

It’s only $19, and you can get 50% off if you find the discount code ... Not quite. Hackers use the console!

After months of secret toil, I and Andrew Carr released Everyday Data Science, a unique interactive online course! You’ll make the perfect glass of lemonade using Thompson sampling. You’ll lose weight with differential equations. And you might just qualify for the Olympics with a bit of statistics!

It’s $29, but you can get 50% off if you find the discount code ... Not quite. Hackers use the console!

More by Jim

Tagged . All content copyright James Fisher 2017. This post is not associated with my employer. Found an error? Edit this page.