Hi Ask,

Ask Bjørn Hansen <a...@develooper.com> wrote on Wed, Mar 22, 2017 at 12:40 PM:

>
> On Mar 21, 2017, at 21:30 , Lanlan Pan <abby...@gmail.com> wrote:
>
> See this example of ECS : Which CDNs support edns-client-subnet?
> <https://www.cdnplanet.com/blog/which-cdns-support-edns-client-subnet/>,
> they *map the ECS client subnet into the geolocation (what EIL give)*,
> and then make the DNS decision. Because on the AUTH side, they do not care so
> much about each client subnet, but configure at the aerial-view geolocation level
>
>
> That’s a fundamental assumption of your proposal. What I’m offering (and I
> think what Warren said as well) is that it’s not true. The authoritative
> server will likely care as much or more about the subnet as it does the geo
> location.
>
> The geo location only is fine for smaller networks or CDNs. Consider for
> example several pops in one city or region with differing peering
> connections in each pop.
>
First, I TOTALLY AGREE with you that there may be several pops in one city
or region with differing peering connections in each pop.

But EIL has the *SAME fundamental assumption* as ECS, because ECS is also
based on the mapping of "*client subnet -> geolocation*" information.

So, imagine that AUTH gets the precise subnet, and then, *what is the
accuracy of mapping the subnet into geolocation*?

*2) Is the IP geolocation database used by the authoritative server of
high quality? (details in my paper
<https://drive.google.com/open?id=0B5gNT4RRJ0xPaG9nZ045VXRrZzg>)*

Most of the time, AUTH's geolocation database CAN NOT achieve this accuracy
level, especially on foreign subnets: several pops in one city or region
with differing peering connections in each pop.
So, the point is that ECS sends the subnet to AUTH, AUTH maps the subnet into
EIL's aerial-view geolocation, and then AUTH makes the DNS decision.

For example, some AUTHs may use the Maxmind IP geo database.
Maxmind can tell that a subnet is from CHINA, and distinguish the Chinese TOP 5
ISPs: TELECOM/UNICOM/MOBILE/EDUCATION/TIETONG.
But Maxmind cannot distinguish different subnet peering connections in one
city; there are many small ISPs in China, such as CHANGKUAN, GEHUA,
DIANXINTONG, JUYOU, YOUXIANTONG, etc.
Actually, when I worked for Tencent, a local company which has
billions of clients on PC and mobile in China, they DID NOT achieve this
accuracy level either.

However, if you know the geolocation <COUNTRY, PROVINCE, ISP>, you
can make a better response, which, most of the time, is the best response too.

Moreover, IPv6 contains a huge number of subnets, so the accuracy problem may be
even worse.


> Ask
>
-- 
致礼  Best Regards

潘蓝兰  Pan Lanlan
_______________________________________________
dns-privacy mailing list
dns-privacy@ietf.org
https://www.ietf.org/mailman/listinfo/dns-privacy
