EDNS Client Subnet is a DNS feature that helps route traffic to the best server location on non-Anycast networks.
Find out if your CDN supports EDNS Client Subnet or has global Anycast routing.
What is EDNS Client Subnet?
EDNS Client Subnet (ECS) is an option in the Extension Mechanisms for DNS ... generally intended to help speed up the delivery of data from content delivery networks, by allowing better use of DNS-based load balancing to select a service address near the client when the client computer is not necessarily near the recursive resolver. Source: Wikipedia
Google's very popular public resolver (8.8.8.8), OpenDNS, Quad9 and other DNS resolvers send part of the client IP address in the query to authoritative DNS servers. The authoritative DNS may use this information about the client to send a tailored response. If your IP address is 10.11.12.13, Google's resolver will send 10.11.12.0/24 in the query, which should be sufficient to geo-locate the client with fairly high accuracy.
Why is EDNS Client Subnet important for CDN Performance?
Non-Anycast CDNs should support EDNS Client Subnet (ECS) to ensure users of Google Public DNS are routed to the closest POP.
Imagine a user in Vietnam uses Google's DNS resolver 8.8.8.8 and loads www.website.com in the browser. The user's machine sends the DNS query to the closest Google DNS resolver in Singapore. Website.com uses a CDN with POPs in Singapore and Vietnam, but because the CDN does not support EDNS Client Subnet it sees only Google's IP and responds not with the IP of the Vietnam POP but with the IP of the Singapore POP, resulting in a suboptimal experience for the user.
- How does the EDNS Client Subnet Checker work?
- Why test only with Google's resolver?
- How do I know if my CDN is using Anycast?
- Does this tool work with Multi-CDN?
How does the EDNS Client Subnet Checker work?
First, the tool determines if the domain/URL points to a known global Anycasted CDN. If yes, the process stops because EDNS Client Subnet is not relevant.
If the CDN is not one that is known to always use global Anycast (for large public resolvers), the tool sends ECS queries to Google's resolver using client IPs from large eyeball networks in the United States, Germany and Australia. If Google receives different responses and none have a SCOPE PREFIX-LENGTH of zero, the CDN supports EDNS Client Subnet.
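The check described above, as an added example (not the checker's own code): it encodes the ECS option that carries a client subnet in a query in the RFC 7871 wire format, decodes an ECS option to read its SCOPE PREFIX-LENGTH, and applies the "different answers, no zero scope" rule. The function names and the sample answers (documentation address ranges) are constructed for illustration.

```python
import ipaddress
import struct

ECS_OPTION_CODE = 8  # EDNS option code for Client Subnet (RFC 7871)


def encode_ecs(subnet):
    """Build the ECS option a resolver attaches to a query for this client subnet."""
    net = ipaddress.ip_network(subnet)
    family = 1 if net.version == 4 else 2
    # Only the address bytes covered by the source prefix go on the wire.
    addr = net.network_address.packed[: (net.prefixlen + 7) // 8]
    body = struct.pack("!HBB", family, net.prefixlen, 0) + addr  # scope is 0 in queries
    return struct.pack("!HH", ECS_OPTION_CODE, len(body)) + body


def decode_ecs(option):
    """Return (client subnet, SCOPE PREFIX-LENGTH) from one encoded ECS option."""
    if len(option) < 8:
        raise ValueError("ECS option too short")
    code, length, family, source, scope = struct.unpack("!HHHBB", option[:8])
    addr = option[8:]
    if code != ECS_OPTION_CODE or length != len(option) - 4:
        raise ValueError("not a well-formed ECS option")
    if family not in (1, 2) or len(addr) != (source + 7) // 8:
        raise ValueError("bad address family or truncated address")
    cls, size = (ipaddress.IPv4Network, 4) if family == 1 else (ipaddress.IPv6Network, 16)
    net = cls((addr.ljust(size, b"\0"), source), strict=False)
    return str(net), scope


def supports_ecs(results):
    """Apply the rule from the text: answers differ and no scope is zero."""
    answers = {frozenset(ips) for ips, _scope in results}
    return len(answers) > 1 and all(scope > 0 for _ips, scope in results)


# Constructed sample: one (answer IPs, scope) pair per test client subnet.
SAMPLE = [
    (["192.0.2.10"], 24),
    (["198.51.100.10"], 24),
    (["203.0.113.10"], 24),
]

if __name__ == "__main__":
    query_opt = encode_ecs("10.11.12.0/24")
    print(query_opt.hex(), supports_ecs(SAMPLE))
```

A scope of zero in any response means the resolver may reuse that answer for every client, which is why the rule rejects it even when the answers differ.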
Why test only with Google's resolver?
Non-Anycast CDNs may be hesitant to support ECS because it increases the load on their DNS servers, so some CDNs like Akamai support ECS only for some resolvers, like Google's 8.8.8.8 and OpenDNS, because these resolvers are used by so many users. We've observed inconsistent behaviour by Akamai, where sometimes the Akamai DNS server answers with a non-Anycast response that Google's resolver is allowed to use globally (bad) instead of only for a range of client IP addresses (good).
How do I know if my CDN is using Anycast?
Your CDN uses global Anycast for routing of HTTP(S) traffic if its DNS servers hand out the same IP(s) globally to all users/clients. Cloudflare, CacheFly, StackPath and TATA are some of the CDNs that only do global Anycast, so if you're using one of these CDNs you can be sure Anycast routing is in play.
Verizon Media (now Edgio) and Imperva use regional Anycast. Fastly has some customers on a global Anycast network and responds to queries from public resolvers with Anycast answers. Limelight has some customers on a global Anycast network and - like Fastly - responds to queries from public resolvers with global Anycast IPs but it seems not all their POPs are in that Anycast network (which results in suboptimal user experiences for some users).
whatsmydns.net lets you do DNS lookups from many locations around the world and is an easy way to see if your CDN is handing out (many) different IPs or always the same.
Does this tool work with Multi-CDN?
No, you should use the EDNS Client Subnet Checker only with hostnames that always point to the same CDN.