Let us begin by understanding what ECS is and how it helps.
ECS (EDNS Client Subnet) is a feature added to the DNS extensions spec. This option allows a DNS resolver to include the subnet of the requesting host/client whose recursive queries it is handling.
The part of the client IP that comes with the recursive DNS query (thanks to the Client Subnet extension) helps authoritative name servers provide an optimal IP address. This helps significantly when a CDN/reverse proxy service is in play.
Right, you may ask: what happens without ECS? How does it affect my application's ability to serve my clients?
Most of our applications/websites are onboarded on a CDN or other reverse proxy service for benefits that include performance, security and edge compute. Many of your clients will be using public/open DNS resolvers instead of their default ISP resolvers (we will talk about this in more detail in another blog). Most ISP and other resolvers are located near the source of the DNS queries (stub/forward resolvers); public resolvers, however, can in many instances sit hundreds or thousands of miles away from the source of the queries, which results in sub-optimal client-server mapping.
Example: The authoritative DNS servers of the CDN/reverse proxy service provider see the queries from the intermediate resolver (public DNS) coming from Frankfurt, Germany, and map the client to a CDN node in or close to Frankfurt. This mapping is sub-optimal because the client resides in Mumbai while the CDN server resides in Frankfurt.

Now, if we were to leverage ECS, the intermediate resolver would send the client subnet, and the authoritative DNS servers of the CDN/reverse proxy service would map the client to a node in or close to Mumbai.

ECS is defined in RFC 7871, published by the IETF (https://datatracker.ietf.org/doc/html/rfc7871). The authors of this document belong to Google and Akamai Technologies.
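
To make concrete what "sending the client subnet" means on the wire, here is an added example (not part of the original post) that encodes the ECS option in the RFC 7871 layout and validates one on receipt, so the authoritative side only ever sees a truncated prefix. The function names are hypothetical, and the client address 203.0.113.77 and the /24 prefix are constructed sample values.

```python
import ipaddress
import struct

ECS_OPTION_CODE = 8        # EDNS option code assigned to Client Subnet
FAMILY = {4: 1, 6: 2}      # IP version -> ECS address family number


def build_ecs_option(client_ip, source_prefix):
    """Encode the option a resolver attaches to its upstream query."""
    ip = ipaddress.ip_address(client_ip)
    if not 0 <= source_prefix <= ip.max_prefixlen:
        raise ValueError("prefix length out of range for address family")
    # Zero the host bits so only the subnet leaves the resolver.
    net = ipaddress.ip_network(f"{ip}/{source_prefix}", strict=False)
    addr = net.network_address.packed[: (source_prefix + 7) // 8]
    # Scope prefix-length is 0 in queries; the authoritative server sets it.
    body = struct.pack("!HBB", FAMILY[ip.version], source_prefix, 0) + addr
    return struct.pack("!HH", ECS_OPTION_CODE, len(body)) + body


def parse_ecs_option(option):
    """Decode an ECS option into (network, scope); reject malformed input."""
    if len(option) < 8:
        raise ValueError("truncated ECS option")
    code, length, family, source, scope = struct.unpack("!HHHBB", option[:8])
    addr = option[8:]
    if code != ECS_OPTION_CODE or length != len(option) - 4:
        raise ValueError("not a well-formed ECS option")
    cls, size = {1: (ipaddress.IPv4Network, 4),
                 2: (ipaddress.IPv6Network, 16)}.get(family, (None, 0))
    if cls is None or source > size * 8:
        raise ValueError("bad family or prefix length")
    if len(addr) != (source + 7) // 8:
        raise ValueError("address length does not match source prefix")
    # strict=True raises ValueError if any bit beyond the prefix is set.
    net = cls((addr + bytes(size - len(addr)), source), strict=True)
    return net, scope


if __name__ == "__main__":
    # Constructed client address from a documentation range, truncated to /24.
    wire = build_ecs_option("203.0.113.77", 24)
    print(wire.hex())
    print(parse_ecs_option(wire))
```

The parser rejects options whose address bytes carry bits beyond the stated prefix, which is the check that keeps a malformed or over-sharing option from being trusted for client mapping.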