EDNS Client Subnet (ECS) extension

The IBM® NS1 Connect® platform supports the EDNS client subnet (ECS) extension. Recursive resolvers use this extension to forward details about the IP network, such as a partial IP address, from which a query originated.

Defined in RFC 7871, ECS is a DNS extension that was proposed in 2011 by a group of DNS and CDN operators.

When sending DNS queries to authoritative DNS name servers, ECS-enabled DNS resolvers can send a portion of the IP address of the requesting client or end user. Typically, the resolver forwards the octets of an IP address, for example, 198.0.2.x. This information can be leveraged to improve traffic steering decisions with the Filter Chain.

For example, suppose you have a Filter Chain that includes the Geotarget Country filter. Without ECS data, geotargeting looks at the geolocation of the IP address from which the query was received, which is typically a DNS resolver that might not be in the same location as the actual requester. With ECS data, NS1 Connect can identify the specific network of the requester and their geolocation to improve traffic steering behavior for requests that come through public resolvers.

What is the impact of ECS on query counts?

The EDNS Client Subnet (ECS) extension has some disadvantages: When NS1 Connect uses ECS data to compute an answer to a DNS query with the Filter Chain, the answer is only valid for users in a specific scope (in other words, users in the same network as the requester). If the resolver needs to answer a query for someone in a different network, it needs to query NS1 Connect again, and then send ECS data for the new user's network. In short, using ECS can result in a higher number of queries compared to per-resolver routing.

How many more queries? It's hard to say as it depends on several factors, from how many of your users leverage Google Public DNS and OpenDNS, to how geographically distributed they are.

Typically, for a non-ECS-enabled record, 2-3% of queries come from Google and OpenDNS. For an ECS-enabled record, that can increase to between 10-50% of queries, depending on the user base. In some extreme cases, NS1 Connect observed that traffic inflated up to 2-3 times upon enabling ECS.

Using ECS on NS1 Connect

Because ECS data might increase the number of incoming queries to the DNS name servers, you can enable ECS for individual records. You can enable or disable ECS data from the records configuration details next to the option to configure a Filter Chain. The same option appears in the Filter Chain configuration window.



If you disable ECS, all filters use the resolver's IP address in their computations, even if the resolver sends ECS data.

ECS data is used by the following traffic steering filters:

  • Geofence Country
  • Geofence Regional
  • Geotarget Country
  • Geotarget Latlong
  • Geotarget Regional
  • Netfence ASN
  • Netfence Prefix
  • Weighted Sticky Shuffle
  • Pulsar Availability Sort
  • Pulsar Availability Threshold
  • Pulsar Performance Sort
  • Pulsar Performance Stabilize