Comment by mesrik 4 days ago

That's a good question.

During the 2024 Summer Olympics, I was still managing the DNS and core network of my then employer when I returned from summer holiday. I was told by the helpdesk that our users at different locations around campus were not able to open the national TV broadcaster's streaming services and view the games.

I found out by asking a few of these users that they were denied, with the service claiming they were in the UK and that streaming was not allowed abroad. Once I got hold of someone who knew anything about the matter, the TV broadcaster told me that they use the MaxMind GeoIP service. So I went to test a few addresses on the MaxMind debug page, and that clearly showed many addresses from around 20 subnets of our /16 IPv4 CIDR block showing the same.

So I sent an email to MaxMind support asking why, and tried to find out what means they use to check where each network is located and populate it into their GeoIP DB, which clients then either mirror or use remotely from their service.

After a few emails with their support, I learned that they did not use the RIPE (RIR) database at all, as the RIPE terms of use don't allow using RIR information for commercial purposes. So MaxMind apparently did not use WHOIS (RDAP) LOC records either, and the wrong information did not get updated from the LOC records our DNS had either.

I never got any explanation of how they figure out where an IP or CIDR block is being used. Reading between the lines, I assumed it's perhaps some kind of trade secret they don't like to talk about. Maybe it's using mobile devices' location services or the like, but given how much VPNs are used these days, that could lead them to update bogus information into the database service they then sell and naive customers trust <eh>.

But what surprised me most was how easy it was to update the information: basically, just by communicating clearly and writing a polite, convincing message, they seemed to take that information pretty much at face value, along with the fact that I was sending my messages from the DNS SOA RNAME address.

But if GeoIP data providers don't use that, then who or what services do? That I still have no idea.

lgeek 4 days ago

These days RFC8805[0] is pretty widely supported. But as far as I understand, it's not entirely trusted, and geolocation providers will still override that data if it doesn't match traceroutes and whatever other sources they use.

[0] https://datatracker.ietf.org/doc/html/rfc8805

  • mesrik 3 days ago

    A bit late to reply, so long (10h) after I posted my comment. But just for the record, here I go.

    After reading RFC8805, here is what it says about the situation at the time of publishing, August 2020.

    "8. Finding Self-Published IP Geolocation Feeds" and subsequent

    "The issue of finding, and later verifying, geolocation feeds is not formally specified in this document. At this time, only ad hoc feed discovery and verification has a modicum of established practice (see below); discussion of other mechanisms has been removed for clarity."

    and subsequently

    "8.1. Ad Hoc 'Well-Known' URIs

    To date, geolocation feeds have been shared informally in the form of HTTPS URIs exchanged in email threads. Three example URIs ([GEO_IETF], [GEO_RIPE_NCC], and [GEO_ICANN]) describe networks that change locations periodically, the operators and operational practices of which are well known within their respective technical communities."

    I also spent a moment trying to figure out what I could find about its adoption and use, and didn't find much. Some blog posts, articles and comments asked whether Amazon AWS or Microsoft Azure support it, and the answers were pretty much nope, they don't, at least not yet at the time of writing last year and this year.

    Thus I'm concluding it's unlikely to be any major source of location information for GeoIP providers like MaxMind. Nope, it's too marginal a source for them to spend time on, being so little used a spec as yet.
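
For readers who have not seen the format discussed in this sub-thread: an RFC 8805 geofeed is a CSV file of `ip_prefix,alpha2code,region,city,postal_code` lines with `#` comments. The following is an added example, not part of any comment above, showing how a network operator might validate such a feed before publishing it and look up an address in it; the sample feed is constructed from documentation prefixes, and the names `parse_geofeed` and `locate` and the region-matches-country check are assumptions of this example.

```python
import csv
import ipaddress

# Constructed sample feed using documentation prefixes; not real data.
SAMPLE_FEED = """\
# ip_prefix,alpha2code,region,city,postal_code
192.0.2.0/25,FI,FI-18,Helsinki,
192.0.2.128/25,FI,FI-11,Tampere,
198.51.100.0/24,GB,FI-18,Helsinki,
2001:db8::/32,FI,,,
203.0.113.7/24,FI,FI-18,Helsinki,
"""

def parse_geofeed(text):
    """Parse RFC 8805 CSV text; return (entries, errors)."""
    entries, errors = [], []
    # Blank lines and '#' comment lines carry no data.
    rows = [l for l in text.splitlines()
            if l.strip() and not l.lstrip().startswith("#")]
    for row in csv.reader(rows):
        fields = [f.strip() for f in row] + [""] * 4
        prefix, country, region, city = fields[:4]
        try:
            # strict=True rejects prefixes with host bits set.
            net = ipaddress.ip_network(prefix, strict=True)
        except ValueError as exc:
            errors.append(f"{prefix}: {exc}")
            continue
        if country and not (len(country) == 2 and country.isalpha()):
            errors.append(f"{prefix}: bad country code {country!r}")
            continue
        # Sanity check chosen for this example: an ISO 3166-2 region
        # starts with its country code, e.g. FI-18 belongs to FI.
        if region and not region.upper().startswith(country.upper() + "-"):
            errors.append(f"{prefix}: region {region} not in {country or '?'}")
            continue
        entries.append((net, country.upper(), region.upper(), city))
    return entries, errors

def locate(entries, address):
    """Longest-prefix match of one address against the parsed feed."""
    ip = ipaddress.ip_address(address)
    hits = [e for e in entries if ip in e[0]]
    return max(hits, key=lambda e: e[0].prefixlen, default=None)

if __name__ == "__main__":
    feed, problems = parse_geofeed(SAMPLE_FEED)
    print(locate(feed, "192.0.2.200"), problems)
```

Rejected lines are reported rather than silently dropped, since a malformed or inconsistent entry is exactly the kind of self-published data a consumer would have reason to distrust.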

Matheus28 4 days ago

They could get a rough estimate of an IP location using traceroute from many different known locations. Very rough but it’s a starting point.

For some cases, they might just look up who owns that IP range and put their address as the IP location.

  • mesrik 3 days ago

    Yes, traceroute is something that can give an approximate, rough estimate of where an IP could perhaps be, up to the level of the ISP hosting it, but traceroute usually isn't allowed to pass firewalls and seldom reaches the target IP on networks where clients really are.

    One possibility is that BGP-advertised and known information, like what https://www.cidr-report.org provides, could be used. But like I wrote, commercial GeoIP data providers are not allowed to use WHOIS information from RIR registries. Their ToS generally prevent it from being collected and resold, which is why MaxMind told me that they don't use it.

    Thus the LOC information I had updated in our records in the RIPE DB, or any other information there, was not used by MaxMind. Or at least that's what they claim. True or not, I don't know, but that's what they tell you if you ask them.

    Also, apparently they did not use the LOC records from the organization domain whose DNS I maintained either. And I got no answer as to why, nor what they use as their sources of information. More likely it's some kind of trade secret of theirs.