The EDNS Client Subnet (ECS) is an extension of the EDNS0 (Extension Mechanisms for DNS) protocol that enables recursive DNS resolvers to include part of the client’s IP address in DNS queries. This functionality allows Content Delivery Networks (CDNs) and other authoritative DNS servers to return responses optimized for the actual location of the end user, rather than the location of the resolver.

Planisys natively supports ECS to improve content delivery efficiency, reduce latency, and enhance the user experience for ISPs and enterprises.

What is EDNS0

EDNS0 (Extension Mechanisms for DNS), introduced in RFC 2671 (later updated by RFC 6891), extends the functionality of DNS beyond its original 512-byte UDP response size limit.

By adding an OPT pseudo-RR (Resource Record) in queries and responses, EDNS0 allows DNS resolvers to:

• Support larger DNS messages (up to 4096 bytes, or more with TCP)
• Transmit additional metadata without altering the core DNS protocol.
• Enable advanced features like ECS, DNSSEC, and DNS cookies.

BIND9 has supported EDNS0 since BIND 9.4.0, released in 2007. ECS was later introduced as an EDNS0 extension and standardized in RFC 7871 (2016).

How Does ECS Work?

When a user from an ISP makes a DNS request, the query is resolved by a recursive resolver. Without ECS, the authoritative DNS server (such as one operated by a CDN like Netflix, Facebook, Instagram, Akamai) only sees the IP address of the recursive resolver. This can result in suboptimal content routing, as the CDN assumes that the resolver’s location is the same as the user’s location.

With ECS enabled, the recursive resolver includes a network prefix from the user’s IP in the EDNS0 section of the DNS query. This helps the CDN select the nearest server, reducing latency and improving performance.

For example, if a Planisys resolver is located in the United States, but the user is in Argentina, ECS ensures that the CDN returns an IP for a server closer to Argentina, rather than defaulting to a U.S.-based CDN server.

EDNS0 and ECS in Action

Example DNS Query Without ECS:

A user from an ISP with IP 190.216.31.199 queries www.example.com.

• Query: www.example.com
• Client visible to the CDN: Planisys resolver’s IP (e.g., 209.51.169.60)

Example DNS Query With ECS:

When ECS is enabled, the query includes an EDNS0 option specifying the client’s subnet:

• Query: www.example.com
• Client visible to the CDN:
• Planisys resolver’s IP (209.51.169.60)
• ECS Prefix: 190.216.31.0/24

The /24 prefix (for IPv4) or /56 prefix (for IPv6) provides sufficient geolocation granularity while preserving user privacy by not exposing the full IP address.

ECS and DNS Encryption (DoT & DoH)

ECS is still compatible with encrypted DNS protocols like DNS-over-TLS (DoT) and DNS-over-HTTPS (DoH), but there are limitations:

1. ECS in DoT (RFC 7858)

• Works normally if the recursive resolver supports ECS and forwards queries with ECS metadata.
• Provides encryption for privacy, but ECS still reveals part of the user’s location to the authoritative server.

1. ECS in DoH (RFC 8484)

• Some DoH providers strip ECS information for privacy reasons.
• DoH queries can still include ECS, but the resolver must be explicitly configured to preserve and forward ECS data.
• Certain privacy-focused DoH resolvers (e.g., Cloudflare 1.1.1.1) may ignore ECS for user protection.

BIND 9 fully supports ECS, but an ISP or enterprise must ensure its recursive resolver properly forwards ECS while complying with privacy regulations.

Key Benefits for ISPs

Network Performance Optimization

• CDNs provide responses from the nearest servers, reducing round-trip times.
• Traffic routing becomes more efficient, preventing unnecessary detours through distant data centers.

Reduced Operational Costs

• Lower international bandwidth usage, as traffic stays within regional networks.
• Better peering efficiency, optimizing agreements with other ISPs and content providers.

Enhanced User Experience

• Faster streaming, gaming, and cloud application performance.
• More stable connections with reduced fluctuations in service quality.

Competitive Edge for ISPs

• Improved customer satisfaction due to faster browsing and streaming.
• Ability to differentiate services by offering optimized traffic routing.

Privacy and Control

• ISPs can define the ECS subnet size, balancing privacy and routing accuracy.
• More visibility into how CDN routing affects network performance.

Conclusion

Implementing ECS in BIND9 enables ISPs to significantly enhance content delivery performance, optimize network efficiency, and reduce operational costs. By providing CDNs with geolocation-aware responses, ISPs ensure users receive the fastest and most efficient service.

Planisys natively supports ECS, allowing ISPs and enterprises to maximize network performance while maintaining control and privacy in DNS resolution.