NS1 Status

Articles in this section

Using geofilters to steer DNS traffic

  • Updated
Follow

Geofilters are geographic-specific filters within the NS1 Filter Chain that help steer DNS traffic intelligently across your network.

As you will learn in more detail in this article, NS1 allows you to geotarget or geofence traffic. When you use geotargeting filters, clients are directed to the nearest endpoint. Geofencing filters, on the other hand, filter out traffic that does not match the filter’s definition. In short:

  • Use geotargeting filters to create a prioritized list of answers that help clients reach their endpoints quickly without removing any option.
  • Use geofencing filters to ensure that only the georegions you define get the answers that you define.

In many cases, the location of the resolver determines how the authoritative name server (ANS) directs traffic. However, if the resolver supports the EDNS client subnet (ECS) extension, NS1 can steer traffic according to the client’s geolocation. Most commonly, geofilters connect clients to endpoints that are the closest to them or steer them toward specific data centers.

Screenshot of the Filter Chain interface in the NS1 Customer Portal. There are three filters in the Filter Chain: Up, Geotarget Country, and Select First N. There are five answers in the list.

How do geofilters work?

As you just learned, geofilters filter and respond to DNS queries based on the geolocation of the resolver or the client. The IP address is matched against NS1’s geolocation database to steer traffic accordingly, if used alone. Often, geofilters are used in conjunction with other filters to create a list based on proximity of the resolver or client, then additionally filter and process traffic. For example, in addition to directing traffic to closer endpoints, you may want to balance the load or avoid overloaded endpoints.

NOTE
NS1 works continuously to ensure that data in the geoIP database is accurate and up to date. If you experience issues due to inaccurate geoIP data, contact NS1 customer support to discuss a solution.

You can filter based on origin resolver or client subnet if ECS information is provided. The additional IP address information provided through ECS can help NS1 better direct traffic. ECS is enabled by default. Refer to About the EDNS client (ECS) extension to learn more.

NOTE
NS1 does not recommend disabling ECS on a resource record. Refer to the ECS article to learn more about why you should ensure that this capability is enabled.

Geofilters are based on three types of metadata:

  • Country: Filters based on country and country subdivision metadata. See ISO 3166-2 subdivision codes for more information.
  • Region: Applies to broad geographies, similar to cloud provider regions.
    Screenshot of the regions available in the NS1 Filter Chain
    NOTE
    US regions include all regions in North America, despite the naming. For example, US-WEST includes some Canadian provinces in addition to the western United States.
  • Latlong: Filters based on latitude and longitude.

Geofilter types

You can configure geotargeting or geofencing filters.

With geotargeting filters, NS1 attempts to return the response that is geographically closest. Geotargeting filters are flexible. NS1 directs traffic to whatever is closest instead of filtering it out. It creates a prioritized list without ruling out any options. Geofencing filters, on the other hand, are explicit. The answers and endpoints that do not match the specified configuration are filtered out.

In general, you should not use both types in the same Filter Chain. Using a geofencing filter and a geotargeting filter that use the same geotype metadata (like region or country) will have unexpected results.

NOTE
Use cases where both geotargeting filters and geofencing filters are required aren’t as common, but they are possible. You can use both types of filters in your Filter Chain, but you should use different geographic metadata for each filter type. For example, you can use a Geofence Country filter and a Geotarget Region filter in the same Filter Chain. Typically, these use cases involve the use of answer groups or other more complex approaches. If you feel that you need to use both in the same Filter Chain, we can help: Contact our Customer Success team to learn more.

Geotargeting filters

Screenshot of the geotarget filters in the NS1 Customer Portal

Use geotargeting filters to steer traffic based on the client or resolver’s proximity to a geographic midpoint. The geographic midpoint is the latitude and longitude that represents the midpoint of the location for the answer. In other words, if an answer is marked as being in the US-West region, then the geographic center of the western United States is used. On the other hand, if an answer is marked as being in the state of New York, then the latitude and longitude of the exact middle of NY is used. When you use geotargeting filters, you ensure clients almost always reach the nearest data center based on the location of their resolver or the location of their own IP address, if ECS is supported and enabled on the Filter Chain. Keep in mind the following recommendations when configuring your geotargeting filters:

  • Use only one piece of metadata: The location of the endpoint. Ideally, you should have a one-to-one mapping of answers to geographic locations that you’re targeting. For example, if you have endpoints in California, New York, Texas, and Illinois, you specify those answers in the answer list, then assign the appropriate US states to those endpoints and no other metadata. If you require more than one piece of metadata, understand that the geographic midpoints of each will be considered, and this could lead to unexpected results. Geofencing may serve your needs better.
  • Be as granular as possible when you use the country geotargeting filter. For example, choose a subdivision over an entire country when possible. If your filters aren’t granular enough, your results may seem counterintuitive. For example, clients in a large geographic country or region could receive a response that is intended for a different country or region.

Geofencing filters

Screenshot of the geofencing filters available in the NS1 Customer Portal

When you use a geofencing filter, only clients or resolvers that match the geographic metadata get the designated response. If the geolocation does not match the metadata of an answer, the client or resolver will not receive that answer. Answers without geolocation metadata remain available for clients or resolvers outside of the geofence you define.

Requests are evaluated against an IP database to help you steer and restrict clients. You can use geofencing filters to use in-country CDNs or restrict user data within a specific country.

When you use geofencing filters, keep in mind the following information:

  • Some IP addresses do not have geolocation metadata attached to them. You should include a fallback answer with no geolocation metadata attached that provides a response for these IP addresses.
  • Commonly, geographic filters respond with an endpoint that is only intended for one region. This can provide a form of content protection, but end users can easily circumvent this design. If you want to keep unwanted users away from your content, you should use other methods in conjunction with geofencing and further methods later in the user journey.

Examples

Geotargeting between multiple endpoints

  • Setup
    You have endpoints in the following locations: San Francisco, New York City, Budapest, London, and Singapore. Assume you’ve already set up monitoring for each of your endpoints.
  • Desired Outcome
    You want clients to be directed to the nearest endpoint to ensure that the connection between the client and your servers remains speedy.
  • Solution
    You create a Filter Chain with filters in the following order: Up, Geotarget Country, Select First N. You add the country metadata of each of the endpoints to the answers in the list, then specify that only the first answer should be returned.

Before we set up the Filter Chain, we should add the endpoints as answers for this record. From there, we can add the country metadata for these endpoints.

NOTE
In some cases, you may find it more useful to set subdivision-level or latitude and longitude-level metadata for your endpoints instead of country-level. In cases where you must direct traffic among several endpoints in adjacent countries or multiple endpoints in a single US state, you should opt for a more granular approach.

The following screenshot shows how we’ve set up our Filter Chain and metadata based on the setup outlined previously:

Screenshot showing the outlined scenario. Three filters in the filter chain: Up, Geotarget Country, and Select First N. Several providers in the answer list, with corresponding metadata entered for each endpoint

To set up this Filter Chain and geotarget based on latitude and longitude:

  1. Create endpoint answers for each of the servers.
  2. Include Up, Geotarget Country, and Select First N in the Filter Chain.
  3. Specify that only 1 answer should be kept for the Select First N filter.
  4. Assign country or subdivision metadata to each of the endpoints, then save the record. To add this metadata, click the Geotarget Country filter to populate answers with the tags, then click the subdivisions tag to add the corresponding subdivisions.

When a query is sent to the Filter Chain, filters are evaluated from top to bottom, and each filter uses the configured parameters to decide which endpoint clients should use, depending on their location. After all filters have sorted the available answers, the final endpoint is returned to the client as the best solution at that time.

  • The Up filter determines whether an endpoint is available.
  • The Geotarget Country filter finds the endpoint closest to the client or resolver.
  • The Select First N filter eliminates all but the number of answers that you specify.

Geofencing China

  • Setup
    You have two endpoints: A Chinese CDN and a CDN that you use for the rest of the world.
  • Desired Outcome
    You want to direct users in China to a Chinese content delivery network (CDN), while the rest of the world is directed to another CDN.
  • Solution
    You assign the CN country metadata to the Chinese CDN. Then you create a Filter Chain in the following order: Up, Geofence Country, and Select First N.

The following screenshot shows the Filter Chain and answer list setup for this scenario:

Screenshot of the setup and solution for this scenario. Three filters in the filter chain: Up, Geofence Country, and Select First N. Two answers, one of which has assigned the 'country: CN' metadata value

To set up this Filter Chain and set up a geofence for China vs. the rest of the world:

  1. Create answers for the Chinese CDN and the CDN you use for the rest of the world.
  2. Assign country metadata to each of the CDNs.
  3. Geofence by country by creating a Filter Chain in the following order: Up, Geofence Country, Select First N.
  4. Specify that only 1 answer should be kept by clicking the Select First N filter in the Filter Chain and typing 1 in the number of answers field.

When a query is sent to the Filter Chain, each filter uses the configured parameters to decide which endpoint clients should use, depending on their location. After all filters have sorted the available answers, the final endpoint is returned to the client as the best solution at that time.

  • The Up filter determines whether an endpoint is available.
  • The Geofence Country filter eliminates answers in which the country, subdivision, state, or province metadata does not match the requester’s location.
  • The Select First N filter eliminates all but the number of answers that you specify.

 

Related articles