by gojomo 4925 days ago
Clever, but it seems to me that might only coarsely reveal some global service my DNS server falls back to, NOT the server my local machine consults first.

Is this technique, including running your own authoritative DNS server and remembering every unique lookup, commonly used to geolocalize individual web visitors? Or do servers more often just look up the originating IP? My conjecture is that the latter dominates.

1 comments

You said originally "there's no way for a site to know what DNS servers I use." I proved that is false.

Is it used to geolocate users? No. Is it used to route traffic in most major CDNs? Yes. The two are completely different use cases.

I think this is getting way out of scope for HN. If you are still curious how this stuff works I can email you directly if you'd like.

OK, a typical website acting alone can't know what DNS servers my local machine is configured to contact, and furthermore doesn't use such DNS sensing to geo-localize its content (the claim I was responding to).

But, with the technique you've described, a website coordinating with a DNS server can probe to learn one of the DNS servers that gets consulted (directly or indirectly) by my machine. Got it. Neat and useful trick.
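
Added example, not part of the thread: a sketch of the correlation discussed above, where a site gives each visitor a unique hostname under a zone it serves authoritatively, then joins its DNS query log with its web log on that label. The zone name, token format and both log layouts are assumptions, and every log line is constructed.

```python
import re
from collections import defaultdict

ZONE = "probe.example.test"  # assumed zone served by the site's own authoritative DNS

# Constructed authoritative query log: "<source IP of the query> <queried name>"
DNS_LOG = """\
203.0.113.53 a1b2c3.probe.example.test
203.0.113.54 a1b2c3.probe.example.test
198.51.100.7 d4e5f6.probe.example.test
198.51.100.7 www.example.test
"""

# Constructed web access log: "<client IP> <Host header>"
WEB_LOG = """\
192.0.2.10 a1b2c3.probe.example.test
192.0.2.77 d4e5f6.probe.example.test
192.0.2.99 ffffff.probe.example.test
"""

# Hypothetical token format: six hex characters as the leftmost label.
TOKEN_RE = re.compile(r"^([0-9a-f]{6})\." + re.escape(ZONE) + r"\.?$", re.I)

def token_of(name):
    """Return the per-visitor token in a probe hostname, or None."""
    m = TOKEN_RE.match(name.strip())
    return m.group(1).lower() if m else None

def resolvers_by_token(dns_log):
    """Map token -> set of addresses that queried the authoritative server."""
    seen = defaultdict(set)
    for line in dns_log.splitlines():
        parts = line.split()
        if len(parts) == 2 and (tok := token_of(parts[1])):
            seen[tok].add(parts[0])
    return seen

def correlate(dns_log, web_log):
    """Map web client IP -> sorted resolver addresses seen for its token.

    The addresses are whatever contacted the authoritative server, i.e. the
    recursive resolver's outbound side, not necessarily the server configured
    on the visitor's machine. An empty list means no matching query was logged.
    """
    seen = resolvers_by_token(dns_log)
    out = {}
    for line in web_log.splitlines():
        parts = line.split()
        if len(parts) == 2 and (tok := token_of(parts[1])):
            out[parts[0]] = sorted(seen.get(tok, ()))
    return out
```

Run against your own zone, the same join is how a DNS leak check reports which resolvers a client's lookups actually reach.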