EDNS Client Subnet Checker

The EDNS Client Subnet Checker allows users to analyze how DNS responses vary when EDNS Client Subnet (ECS) functionality is enabled. ECS is an extension to the DNS protocol that provides additional information about the originating client's IP address or subnet to authoritative DNS servers. This tool can help assess the impact of ECS on DNS responses for specific domains and subnets.

How to Use the EDNS ECS Checker:

• Domain Name: Enter the domain name you want to test (e.g., www.example.com).
• Record Type: Select the DNS record type to query, such as A, AAAA, MX, NS, or TXT.
• Subnets: Provide up to 10 IP addresses or subnets representing ECS values for testing. Ensure proper formatting (e.g., 192.168.1.0/24 or 2001:db8::/64).
• Run the Tests: Click on the "ECS Check" button to initiate the DNS queries.
• View Results: The tool will display results in a table format, including:
  • DNS Response: The resource records returned by the authoritative name servers.
  • ECS Scope: The ECS scope information from the name server response.

The ECS scope value returned by DNS servers usually list the subnet specified in the query followed by the second subnet prefix indicating the network range for which the tailored answer is intended. For example: 192.168.1.0/24/16. In this case, the returned ECS scope contains 192.168.1.0/24, which is the ECS subnet value used for the lookup (it mirrors the value listed in the query), and /16, which identifies 192.168.0.0/16 as the network the answer applies to.

The absence of ECS scope value in the answer or a zero-length prefix (e.g. 0.0.0.0/0 or /0) indicates that the response covers all networks. If a DNS server does not support ECS, the tool will display the same response for all queries.

Use Cases for the Tool

• Troubleshooting DNS-Based Load Balancing:
  • Identify how ECS influences DNS responses for clients in different geographic regions or subnets.
  • Diagnose inconsistencies in DNS-based traffic distribution.
• Analyzing Content Delivery Optimization:
  • Evaluate how a CDN or authoritative server tailors responses based on ECS data.
• Testing ECS Configuration:
  • Verify if authoritative servers support ECS.
  • Examine ECS scope values for different subnet inputs.

What is EDNS?

Extended DNS (EDNS) is a protocol extension that allows DNS messages to exceed the original 512-byte size limit set by the legacy DNS specification. It also introduces additional capabilities such as:

• Support for larger DNS packets over UDP.
• Inclusion of optional metadata in queries and responses (via the OPT pseudo-RR).
• Enhanced functionality, such as DNSSEC and ECS.

What is ECS (EDNS Client Subnet)?

ECS is an EDNS extension that enables DNS servers to consider the client's geographic or network location when resolving queries.

How It Works?

• ECS adds the subnet of the client's IP address (or a user-specified subnet) into the DNS query.
• Authoritative DNS servers and intermediate resolvers can use this subnet information to tailor their responses, typically for:
  • Load Balancing: Directing clients to geographically closer servers.
  • Content Localization: Serving region-specific content.
• The DNS server includes an ECS Scope value in the response, indicating the network range the returned answer is relevant to.

Issues Addressed by ECS:

• Reduces latency and improves performance by directing users to nearby resources.
• Supports more accurate responses for users behind shared resolvers (e.g., ISPs or public resolvers like Google Public DNS).
• Improves the reliability of geo-located content delivery.