FortiDirector
FortiDirector uses conditions to determine if a redirector Rule is a match for a given request.
Jason_H
Staff
Article Id 191276
Description
This article addresses the situation where a particular IP address should go to Network Resource A (because it is closer) but instead it goes to Network Resource B.

Solution
The FortiDirector DNS service uses the IP address of the client that connects to the DNS server to determine the geographic location of the user.

If the user connects directly, FortiDirector should usually see the user's exact IP address. However, most users do not do that; instead, they rely on a DNS caching resolver. Typically, this resolver is managed by their ISP, for example by Comcast.

In this case, the FortiDirector service will receive the IP address of the resolver, and not that of the end user.

Newer technologies help DNS services like FortiDirector better determine the IP address of the end user. They require every DNS layer between the end user and FortiDirector, including local DNS caching resolvers and proxies, to support the eDNS protocol.

To determine whether a user's network path passes eDNS information through to FortiDirector, use the eDNS tools available at: https://www.dns-oarc.net/oarc/services/replysizetest

Again, where a user's network path does not support eDNS, FortiDirector will use the IP address of the DNS resolver. In the case of Google DNS, the resolver address 8.8.8.8 does not pass through eDNS, and it always resolves to Mountain View, California.
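The following Python sketch is an added example, not code from this article or from Fortinet. It shows what an authoritative DNS service can and cannot learn from a query: it parses a DNS message, reports whether an eDNS OPT record survived the path, and extracts any client subnet it carries. It assumes the "eDNS information" described above corresponds to the EDNS0 OPT record (RFC 6891) and its Client Subnet option (RFC 7871); the query name and subnet are constructed sample values.

```python
import ipaddress
import struct

OPT_TYPE = 41    # EDNS0 OPT pseudo-record type (RFC 6891)
ECS_OPTION = 8   # EDNS Client Subnet option code (RFC 7871)

def build_query(name, ecs_prefix=None):
    """Constructed sample: an A query, optionally with an OPT record carrying a client subnet."""
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\x00"
    msg = struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0, 1 if ecs_prefix else 0) + qname + struct.pack("!HH", 1, 1)
    if ecs_prefix:
        net = ipaddress.ip_network(ecs_prefix)
        addr = net.network_address.packed[: (net.prefixlen + 7) // 8]
        ecs = struct.pack("!HBB", 1 if net.version == 4 else 2, net.prefixlen, 0) + addr
        rdata = struct.pack("!HH", ECS_OPTION, len(ecs)) + ecs
        # OPT RR: root name, TYPE=41, CLASS=advertised UDP size, TTL=0, RDLENGTH
        msg += b"\x00" + struct.pack("!HHIH", OPT_TYPE, 4096, 0, len(rdata)) + rdata
    return msg

def skip_name(msg, off):
    # Walk length-prefixed labels; stop at the root label or a compression pointer.
    while msg[off] and msg[off] & 0xC0 != 0xC0:
        off += 1 + msg[off]
    return off + (2 if msg[off] else 1)

def edns_info(msg):
    """Return None if the message has no OPT record, else its UDP size and client subnet."""
    qd, an, ns, ar = struct.unpack("!HHHH", msg[4:12])
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4
    for _ in range(an + ns + ar):
        off = skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == OPT_TYPE:
            info = {"udp_size": rclass, "client_subnet": None}
            rdata, i = msg[off:off + rdlen], 0
            while i + 4 <= len(rdata):
                code, olen = struct.unpack("!HH", rdata[i:i + 4])
                if code == ECS_OPTION:
                    family, src_len, _scope = struct.unpack("!HBB", rdata[i + 4:i + 8])
                    raw = rdata[i + 8:i + 4 + olen].ljust(4 if family == 1 else 16, b"\x00")
                    info["client_subnet"] = f"{ipaddress.ip_address(raw)}/{src_len}"
                i += 4 + olen
            return info
        off += rdlen
    return None
```

A `None` result corresponds to the case described above: no eDNS data arrived, so the only location signal left is the source address of the resolver that sent the query.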
