by gojomo 4925 days ago
I think that's wrong: there's no way for a site to know what DNS servers I use. Instead, they use a reverse lookup from the apparent IP I'm connecting from... that is available to them, and is unrelated to my DNS servers.

Or can you supply a reference/explanation for how they'd know my DNS servers?

2 comments

Run 'dig +short whoami.ultradns.net' in your terminal. You'll get back the IP of the DNS server you are using.

Your ISP's recursive DNS servers send off a query to the site's authoritative servers, which in turn look at the source IP address. That's how they know. (Source: I've built a few CDNs)

Sure, but that only applies to the CDNs who have been careful to send different answers to different places, for sites relying heavily on such CDNs.

A standalone (single-IP) site not using a CDN, or even a site that uses a CDN solely for bulky static assets, has no direct way to query what DNS servers a client used, other than the fact that those servers resolved the request Host to the listening IP. (Perhaps it could probe by attempting a number of resource loads from hostnames that resolve differently based on different major DNS sources, but that'd be obtrusive and require constant maintenance.)

Especially in the 'long tail' (of not-top-1-million-sites), I'd expect the non-CDN or CDN-only-for-big-assets setup to predominate, and so any geographic adaptation would be more likely based on IP lookups (via a database like from MaxMind), rather than CDN inference.

Or is there some other way even static-asset CDNs somehow communicate their geography-sensing back to primary sites?

I'm not sure I fully understand your question.

A "standalone" site can get the IP address of the user's DNS server by doing an AJAX request to http://[random].ip.yourdomain.com/. Your DNS server responds to requests for *.ip.yourdomain.com with the IP of your webserver and stores the requesting IP address in a database using [random] as its key. Finally a script on your website fetches the IP from the database when it gets the request and prints it out wrapped in a cute little JSON wrapper. You can see an example of this at http://entropy.dns-oarc.net/test/
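
The correlation step described in the comment above, as an added example that is not part of the original thread or any poster's code. It is the same logic a DNS leak test uses to show which resolver a machine's queries actually egress from. The query-log line format, the function names and the sample lines are assumptions constructed for illustration; the addresses are documentation ranges.

```python
import json
import re
import secrets

ZONE = "ip.yourdomain.com"  # wildcard zone named in the comment above

# Constructed authoritative-server query log lines (format is an assumption):
# "<source IP of the querying resolver> <query type> <queried name>"
SAMPLE_QUERY_LOG = [
    "192.0.2.53 A k3f9a1c2.ip.yourdomain.com.",
    "198.51.100.7 A 9d0e44b1.ip.yourdomain.com.",
    "198.51.100.7 AAAA 9d0e44b1.ip.yourdomain.com.",
    "203.0.113.9 A www.yourdomain.com.",  # outside the probe zone, ignored
]

LINE_RE = re.compile(
    r"^(\S+)\s+(A|AAAA)\s+([a-z0-9]+)\." + re.escape(ZONE) + r"\.?$", re.I
)

def new_probe_label():
    """Random label for the probe hostname; a fresh name cannot be answered
    from a resolver cache, so the query must reach the authoritative server."""
    return secrets.token_hex(4)

def index_queries(log_lines):
    """Map probe label -> set of resolver IPs the authoritative server saw."""
    seen = {}
    for line in log_lines:
        m = LINE_RE.match(line.strip())
        if m:
            ip, _qtype, label = m.groups()
            seen.setdefault(label.lower(), set()).add(ip)
    return seen

def probe_response(host_header, seen):
    """JSON the web server returns for http://[random].ip.yourdomain.com/."""
    host = host_header.split(":")[0].rstrip(".").lower()
    suffix = "." + ZONE
    if not host.endswith(suffix):
        return json.dumps({"error": "not a probe host"})
    label = host[: -len(suffix)]
    # The IPs are the last-hop recursive resolvers, not necessarily the
    # server configured on the client machine.
    return json.dumps({"label": label, "resolvers": sorted(seen.get(label, []))})
```
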

Clever, but it seems to me that might only coarsely reveal some global service my DNS server falls back to, NOT the server my local machine consults first.

Is this technique, including running your own authoritative DNS server and remembering every unique lookup, commonly used to geolocalize individual web visitors? Or do servers more often just look up the originating IP? My conjecture is that the latter dominates.

You said originally "there's no way for a site to know what DNS servers I use." I proved that is false.

Is it used to geolocate users? No. Is it used to route traffic in most major CDNs? Yes. The two are completely different use cases.

I think this is getting way out of scope for HN. If you are still curious how this stuff works I can email you directly if you'd like.

OK, a typical website acting alone can't know what DNS servers my local machine is configured to contact, and furthermore doesn't use such DNS sensing to geo-localize its content (the claim I was responding to).

But, with the technique you've described, a website coordinating with a DNS server can probe to learn one of the DNS servers that gets consulted (directly or indirectly) by my machine. Got it. Neat and useful trick.

what he (i assume?) is saying is that when a cdn wants to supply data to you, they want to do so from a server as close as possible.

now, typically, dns is configured so that your dns requests go to servers that are "near" you on the network.

so, say you're looking for google.com. the dns server near you will be configured to say that google.com is a server near you (and near the dns server). effectively they are inferring location from dns lookups (and then providing you with a nearby source).

this is completely different to looking up the requesting ip in a database which is what i originally assumed was being discussed (hence my confusion and perhaps yours). but it (this process for choosing cdn providers) does seem to be called geolocation by cdn people (just google "cdn geolocation").