TechnitiumSoftware / DnsServer

Technitium DNS Server
https://technitium.com/dns/
GNU General Public License v3.0
3.84k stars 400 forks

[Feature Request] Custom IP for EDNS Client Subnet #839

Closed raphielscape closed 3 months ago

raphielscape commented 5 months ago

In some cases, like the cases where the user's IP is not registered or geolocated in the same country as the user, the EDNS Client Subnet may route the user to somewhere far from the current user location, causing high latency.

ShreyasZare commented 5 months ago

Thanks for the feature request. This is a bit of a complex feature, so you need to provide more details on what exactly you are looking for.

I would like to mention that the DNS server does not find out the geolocation for each client. It just sends the client subnet to the name server of the domain that the client is trying to resolve. The name server will use some kind of IP location database to find out the rough location of the client and respond with a suitable IP address. These databases are not really accurate and can provide IP of a server far away.

The question here is thus: how would having this custom IP option help? When you resolve google.com, Google will use its own database to find the location. When you resolve some domain that uses, say, Cloudflare CDN, then Cloudflare CDN will use its own database. There are several different CDN providers who use different databases. Providing some alternate custom IP for EDNS Client Subnet to fix an issue with one CDN may cause issues with other CDN services.

raphielscape commented 5 months ago

Google and several other websites use EDNS ECS for geolocating the user to nearby locations, and sometimes some ISPs have registered the IP subnet outside of the region. For example, if an ISP in Country A registered their IP geolocation in Country B, users from Country A trying to access websites that use EDNS ECS will instead be routed to Country B, causing high latency.

DNSDist and AdGuard Home have this implemented: DNSDist via its SetECSAction, and AdGuard Home in this issue.

Having a custom Client Subnet IP helps in this scenario. Users who want more privacy but still want to be routed nearby (without exposing the exact subnet of their network) can also use this to increase privacy.

raphielscape commented 5 months ago

For CDNs that expect the Client Subnet to be intact (as far as I know, Akamai and Alibaba CDN), they will send a REFUSED response. It is required to retry without ECS address data when we get REFUSED responses to their ECS queries, as defined in RFC 7871 section 7.1.3. We can handle this by retrying with the original ECS data, then retrying without ECS data if the original ECS data also receives a REFUSED response from upstream.

For websites behind Cloudflare CDN, they generally don't use ECS (Unless the website has a Load Balancer plan with Cloudflare and has ECS configured

ShreyasZare commented 5 months ago

Thanks for describing the issue. Will plan some option for this in the next update.

Note that the RFC 7871 section 7.1.3 is already in place in the DNS server to handle such scenarios.

ShreyasZare commented 3 months ago

Technitium DNS Server v12.1 is now available. It adds EDNS Client Subnet Override options to force the use of a specific subnet for all outbound requests. Do update and let me know your feedback.