feat: add EDNS Client Subnet (ECS) support for accurate GeoDNS

Rxflex · Rxflex · commit 94e3beed053c · 2026-02-03T00:53:43.000+01:00
- Add getClientIPFromECS() to extract client subnet from ECS option
- Support both IPv4 (family 1) and IPv6 (family 2) subnets
- Try ECS first, fall back to source IP if not present
- Enables accurate GeoDNS routing through recursive resolvers (1.1.1.1, 8.8.8.8)
- Logs detected ECS subnet for debugging
diff --git a/dns/server.go b/dns/server.go
@@ -86,7 +86,12 @@ func (s *DNSServer) handleDNSRequest(w dns.ResponseWriter, r *dns.Msg) {
 
 	log.Printf("[DNS] Query: %s %s from %s", domain, dns.TypeToString[qtype], w.RemoteAddr())
 
-	clientIP := extractClientIP(w.RemoteAddr())
+	// Get client IP, prefer ECS if available
+	clientIP := getClientIPFromECS(r)
+	if clientIP == "" {
+		// Fall back to source IP
+		clientIP = extractClientIP(w.RemoteAddr())
+	}
 
 	// Try to find exact domain match first
 	domainConfig := s.configMgr.GetDomain(domain)
@@ -605,6 +610,34 @@ func extractClientIP(addr net.Addr) string {
 	}
 }
 
+// getClientIPFromECS extracts the client IP from EDNS Client Subnet option
+// This allows GeoDNS to work correctly behind recursive resolvers like 1.1.1.1
+func getClientIPFromECS(r *dns.Msg) string {
+	for _, opt := range r.Extra {
+		if opt.Header().Rrtype == dns.TypeOPT {
+			// EDNS0 option
+			if edns0, ok := opt.(*dns.OPT); ok {
+				for _, option := range edns0.Option {
+					if subnet, ok := option.(*dns.EDNS0_SUBNET); ok {
+						// Found ECS option
+						if subnet.Family == 1 { // IPv4
+							// Convert subnet to IP string
+							ip := net.IP(subnet.Address).String()
+							log.Printf("[DNS] ECS detected: client subnet %s/%d", ip, subnet.SourceNetmask)
+							return ip
+						} else if subnet.Family == 2 { // IPv6
+							ip := net.IP(subnet.Address).String()
+							log.Printf("[DNS] ECS detected: client subnet %s/%d", ip, subnet.SourceNetmask)
+							return ip
+						}
+					}
+				}
+			}
+		}
+	}
+	return ""
+}
+
 func findBestAgentIP(geoDNSMap map[string]string, fallbackMap map[string]string, clientLocation string, httpProxyEnabled bool, allAgents []config.FallbackAgentInfo) string {
 	// Try exact match first
 	if ip, ok := geoDNSMap[clientLocation]; ok {
