[Dnsmasq-discuss] DNSMasq and CDN (akamai, etc)

Nicholas Weaver nweaver at gmail.com
Fri Jul 8 13:21:39 BST 2011


On Jul 8, 2011, at 3:28 AM, Simon Kelley wrote:

> I don't know if this
> 
> http://tools.ietf.org/id/draft-vandergaast-edns-client-ip-01.txt
> 
> is going anywhere (the latest draft has expired) but if it does then
> support in dnsmasq may be in order.

I'd not bother supporting it in dnsmasq, it buys nothing since the upstream resolver sees the right IP in effectively all dnsmasq deployments (unless someone is using dnsmasq for a wide-scale DNS service like OpenDNS...).  It's actually designed so only large-scale (e.g., national ISP size, public DNS services) resolvers and CDN authorities need to care.

The name has been changed to client-subnet, and I believe Google Public DNS uses it somewhat (with Google domains, in particular, I don't know if they are exporting it yet except to whitelisted authorities).

>> Disregarding all the privacy debates about using these super DNS
>> servers, does anyone have any thoughts on how to better handle getting
>> redirected to a local CDN, other than perhaps using only the ISP servers?
> 
> 
> I wonder if your ISP has a cache for the BBC content within its
> network? Traffic from bbc.co.uk must make up a huge proportion of
> external traffic for UK ISPs.
> 
> Maybe try it the other way around, (ie use openDNS or Google DNS for
> everything _except_ (list of big sites likely to use local CDNs))


The problem is there are so many names that go through Akamai or other CDNs that it's impossible to whitelist all of them.

If your ISP has a proper opt-out for whatever F@)(#*@ NXDOMAIN wildcarding they use, I'd use the ISP's opt-out server, you'll get much better results.  If their service for DNS is flaky, have Google Public DNS in the third spot for failover.  Google Public DNS, unlike OpenDNS, does NOT aggressively wildcard responses.
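
Added illustration, not part of the original message and not dnsmasq code: what a client-subnet option carries from a large resolver to a CDN authority, which is the same network prefix an upstream resolver already sees as the source address of a home dnsmasq forwarder. It assumes the wire layout later standardized in RFC 7871 (option code 8) rather than the expired draft linked above; the addresses are constructed documentation addresses.

```python
import ipaddress
import struct

ECS_OPTION_CODE = 8  # RFC 7871 assignment (assumption: the draft linked above predates it)

def encode_ecs(client_ip, source_prefix):
    """Build the EDNS0 client-subnet option (code, length, data) for client_ip."""
    addr = ipaddress.ip_address(client_ip)
    if not 0 <= source_prefix <= addr.max_prefixlen:
        raise ValueError("prefix length out of range for address family")
    # Zero the host bits, then keep only the bytes the prefix covers,
    # so the authority sees the client's subnet and not its full address.
    net = ipaddress.ip_network(f"{client_ip}/{source_prefix}", strict=False)
    nbytes = (source_prefix + 7) // 8
    family = 1 if addr.version == 4 else 2  # 1 = IPv4, 2 = IPv6
    payload = struct.pack("!HBB", family, source_prefix, 0)  # scope is 0 in queries
    payload += net.network_address.packed[:nbytes]
    return struct.pack("!HH", ECS_OPTION_CODE, len(payload)) + payload

def decode_ecs(option):
    """Parse one client-subnet option; return (subnet in CIDR form, scope prefix)."""
    if len(option) < 8:
        raise ValueError("truncated option")
    code, length = struct.unpack("!HH", option[:4])
    family, source_prefix, scope_prefix = struct.unpack("!HBB", option[4:8])
    if code != ECS_OPTION_CODE or length != len(option) - 4 or family not in (1, 2):
        raise ValueError("not a well-formed client-subnet option")
    cls = ipaddress.IPv4Address if family == 1 else ipaddress.IPv6Address
    size = 4 if family == 1 else 16
    addr_bytes = option[8:]
    # The address field must be exactly as long as the prefix requires.
    if source_prefix > size * 8 or len(addr_bytes) != (source_prefix + 7) // 8:
        raise ValueError("address length does not match prefix")
    subnet = cls(addr_bytes.ljust(size, b"\x00"))
    return f"{subnet}/{source_prefix}", scope_prefix

if __name__ == "__main__":
    # Constructed sample: two clients in the same /24 yield the same option.
    for host in ("203.0.113.77", "203.0.113.200"):
        opt = encode_ecs(host, 24)
        print(host, opt.hex(), decode_ecs(opt))
```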



