In classic geographic DNS solutions, decisions are usually made based on the DNS resolver's IP address. When a user relies on a remote public resolver, however, the DNS system sees the resolver's location rather than the user's actual position. As a result, a user in Turkey may be directed to a data center in the wrong region or an unnecessarily distant PoP.
Single-layer, country-only routing is also insufficient for most enterprise scenarios. Within the same country, different carriers, different ASNs, different cities or different private network blocks may each require separate routing. Needs such as telco peering, compliance, latency, CDN-like PoP selection and campaign routing all demand finer granularity.
Using an online GeoIP API for geographic decisions introduces additional risk. Sending DNS query context to an external service can create problems for data residency and query privacy. Having a critical traffic decision layer like GTM depend on an external API is also a weak point for operational continuity.
The correct model is to support client subnet information, make geographic decisions using offline databases on the device, and extend topology rules beyond the country level to include city, ASN and CIDR. Producing a controlled final response through fallback records when no match is found should be part of the same model.
TR7 DNS Geographic Routing delivers exactly this: EDNS Client Subnet, five-dimensional topology rules, offline GeoIP databases and selector-based record selection bring DNS responses closer to the real user context.
TR7 implements geographic DNS decisions through client subnet, multi-dimensional topology, offline GeoIP and a Lua-based selection pipeline.
With EDNS Client Subnet support, the DNS decision is no longer bound to the resolver IP alone. Geographic decisions are made from the actual client subnet, enabling more accurate DC or PoP selection.
TR7 can define rules across network/CIDR, country, city, continent and ASN. Each rule can be written with normal or negate behavior.
Geographic decisions are made using ASN, City and Country databases stored locally on the device. DNS query context is never sent to an external GeoIP service.
TR7 evaluates topology rules in order and selects matching record candidates using selector logic. Different distribution strategies can be built with all, closest, round-robin, weighted or random behavior.
DNS Geographic Routing produces country, city, ASN and CIDR-based DNS responses with client subnet precision.
TR7 can factor in client subnet information instead of relying on the resolver IP. This reduces the risk of clients using public resolvers being directed to the wrong region. Geographic DNS decisions move closer to the real user network. This is especially critical for accurate DC selection in services with global user traffic.
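What accepting client subnet data involves on the wire, as an added example (not TR7 code): a parser for the EDNS Client Subnet option of a query that applies the RFC 7871 format checks before the subnet is used for a routing decision. The function names and the sample bytes are constructed for illustration.

```python
import ipaddress
import struct

ECS_OPTION_CODE = 8             # EDNS Client Subnet (RFC 7871)
FAMILY_BITS = {1: 32, 2: 128}   # address family number -> address width in bits

# Constructed sample: ECS option carrying 203.0.113.0/24 (documentation range).
SAMPLE_OPTION = bytes.fromhex("0008 0007 0001 18 00 cb0071")

def parse_ecs_option(option):
    """Return the client subnet from one raw EDNS option taken from a query.

    Raises ValueError for anything malformed, so a bad option never
    reaches the geographic decision.
    """
    if len(option) < 8:
        raise ValueError("option too short for an ECS header")
    code, length, family, source_len, scope_len = struct.unpack("!HHHBB", option[:8])
    address = option[8:]
    if code != ECS_OPTION_CODE:
        raise ValueError("not an ECS option")
    if length != 4 + len(address):
        raise ValueError("option length does not match the data")
    bits = FAMILY_BITS.get(family)
    if bits is None:
        raise ValueError("unsupported address family")
    if source_len > bits:
        raise ValueError("source prefix longer than the address")
    if scope_len != 0:
        raise ValueError("scope prefix must be 0 in a query")
    if len(address) != (source_len + 7) // 8:
        raise ValueError("address is not truncated to the prefix length")
    value = int.from_bytes(address + bytes(bits // 8 - len(address)), "big")
    if value & ((1 << (bits - source_len)) - 1):
        raise ValueError("non-zero bits beyond the source prefix")
    network = ipaddress.IPv4Network if family == 1 else ipaddress.IPv6Network
    return network((value, source_len))

def routing_subnet(resolver_ip, ecs_option=None):
    """Subnet to geolocate: the ECS subnet if present, else the resolver itself."""
    if ecs_option is None:
        return ipaddress.ip_network(resolver_ip)
    return parse_ecs_option(ecs_option)
```

The subnet in this option is supplied by whoever sends the query and is not authenticated, so it is a routing hint rather than proof of where a client is.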
Country granularity allows different DNS responses to be produced based on the client's country code. Data center selection can be tailored to Europe, Turkey, the Middle East or a specific country. Country-level control is important for financial institutions, public sector organizations and environments with data residency requirements. Country codes are normalized for more consistent matching.
Continent granularity allows clients to be directed to different record groups at the continent level. Separate PoP or DC sets can be defined for Europe, Asia, North America or other regions. This approach offers a simple solution where country-level detail is not required but regional proximity matters. It is useful in global SaaS and content delivery scenarios.
City granularity matches users from specific cities to different records. Separate landing page, edge PoP or data center responses can be produced for Istanbul, Ankara or other cities. This is useful for local campaigns, city-level compliance or low-latency traffic distribution goals. City information is evaluated using the offline GeoIP database.
Network/CIDR granularity allows custom DNS responses to be defined for specific IPv4 or IPv6 network blocks. Enterprise customer subnets, partner networks, private carrier ranges or internal access blocks can be separated this way. CIDR-level routing is more deterministic than country or city. It is powerful for per-customer endpoints or peering DC selection.
ASN granularity selects a DNS response based on the carrier or network owner the client is connected to. Separate DC records can be returned for specific telecom carriers, ISP networks or CDN peering preferences. This approach creates value where different carriers within the same country have different network quality. Traffic is routed according to real network topology rather than a national boundary.
Negate behavior can be applied to any topology rule. This allows inverse rules such as "every country except this one", "every ASN except this one" or "every network except this CIDR". Exclusion logic is useful for enforcement, access separation, alternative IP delivery or high-risk region exclusion scenarios. Operators can build both matching and exclusion policies.
If the geographic topology rule produces no record candidates, fallbackRecords can be activated. These records can represent a default DC, maintenance service or global endpoint. Fallback behavior ensures a controlled last-resort response instead of an empty or unexpected DNS reply. This is especially important for new regions or missing GeoIP matches.
TR7 can define independent topology policies for each record. Under the same domain, A records, AAAA records or different service records can operate with different geographic decisions. This allows different routing strategies to be applied to different application components under a single domain. Operators manage topology behavior at the record level rather than globally.
A geographic match can produce multiple record candidates. TR7 can then select among those candidates using selector behaviors such as all, closest, round-robin, weighted round-robin, random or weighted random. Geographic filtering and load distribution are thus combined in the same chain. For example, weighted selection can be applied between two DCs within the same country.
ASN, City and Country databases are stored on-device and geographic decisions are made locally. DNS query context is never sent to an external GeoIP API. This is an important advantage for organizations with query privacy and data residency expectations. The update flow should be planned separately; the behavior described here relies on the offline decision model.
The TTL value for each DNS record affects geographic routing behavior. A shorter TTL offers advantages for fast policy changes and failover; a longer TTL reduces resolver cache load. When designing geo routing, TTL, DC health and traffic distribution goals should be planned together. The operator sets the balance between performance and the speed of change.
Geographic DNS routing is operated alongside topology rule types, normalized fields, CIDR rendering behavior, fallback logic and Lua execution limits.
The topology decision pipeline uses network, country, city, continent and ASN rule types. Each rule type can be evaluated with positive or negate behavior. This structure allows multiple geographic decision dimensions to be combined within the same record.
Country and continent codes are lowercased before comparison. This prevents case differences from different sources from breaking matches. Normalized values make policy authoring more consistent.
Network rules evaluate IP and CIDR together. If no CIDR is specified, per-IP precision behavior can be used for IPv4. This model allows both private network blocks and single IP targets to be handled within the same policy structure.
TR7 can make geographic decisions using ASN, City and Country databases. These three data sources form the foundation for ASN, city, country and continent decisions. Because the databases reside on-device, runtime decisions do not depend on an external service.
If the topology evaluation produces no record candidates, fallbackRecords is checked. If a fallback exists, a final response can be produced with failSafe status. If no fallback is defined, an empty response or standard DNS behavior may result; a fallback plan is therefore recommended for all production records.
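The decision flow described above (rule types, lowercased codes, negate and fallback) modelled as an added example; it is not TR7's Lua pipeline or configuration syntax. The lookup table, rule layout and function names are constructed, first-match ordering is an assumption, and the selector step is left out so the matching rule's full candidate list is returned.

```python
import ipaddress

# Constructed stand-in for the on-device ASN/City/Country databases.
OFFLINE_GEO = {
    "203.0.113.0/24": {"country": "TR", "continent": "AS", "city": "Istanbul", "asn": 64500},
    "198.51.100.0/24": {"country": "DE", "continent": "EU", "city": "Frankfurt", "asn": 64501},
}

# Constructed policy: one ASN rule, then "every country except de".
RULES = [
    {"type": "asn", "value": 64500, "records": ["192.0.2.10"]},
    {"type": "country", "value": "de", "negate": True, "records": ["192.0.2.20"]},
]
FALLBACK = ["192.0.2.99"]

def lookup(subnet):
    """Local lookup only; a subnet missing from the table has no geo fields."""
    net = ipaddress.ip_network(subnet)
    for cidr, geo in OFFLINE_GEO.items():
        known = ipaddress.ip_network(cidr)
        if known.version == net.version and net.subnet_of(known):
            return {**geo, "net": net}
    return {"net": net}

def rule_matches(rule, ctx):
    kind, want = rule["type"], rule["value"]
    if kind == "network":
        target = ipaddress.ip_network(want)   # a bare IP becomes a single-host network
        hit = target.version == ctx["net"].version and ctx["net"].subnet_of(target)
    elif kind in ("country", "continent"):
        hit = str(ctx.get(kind, "")).lower() == want.lower()   # codes compared lowercased
    else:                                     # city, asn
        hit = ctx.get(kind) == want
    # In this model a client with no GeoIP data satisfies a negated rule.
    return hit != rule.get("negate", False)

def resolve(subnet, rules, fallback_records):
    """Evaluate rules in order (first match wins: an assumption of this model)."""
    ctx = lookup(subnet)
    for rule in rules:
        if rule_matches(rule, ctx):
            return {"status": "matched", "records": rule["records"]}
    if fallback_records:
        return {"status": "failSafe", "records": fallback_records}
    return {"status": "empty", "records": []}
```

In this model a subnet missing from the local table is caught by the negated country rule, which is the case to test explicitly when exclusion rules are used for enforcement.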
Topology selection runs through a Lua-based decision pipeline. Execution limits and health check intervals help keep DNS decisions deterministic and controlled. Performance impact should be considered for very complex rule sets.
Different peering DC records can be returned for different carrier networks in Turkey. The ASN topology rule helps direct users within the same country to a more accurate network path.
Different compliance or data residency targets can be defined for countries such as Germany, France or Italy. The country rule returns the appropriate DC record based on the client's country.
Global services can direct clients to the most appropriate PoP or data center group at the continent level. Continent rules and selector behavior can be combined for regional load distribution.
With the negate flag, different records can be returned to clients outside specific countries, ASNs or CIDRs. This model is useful for enforcement, licensing, compliance or high-risk region separation.
A custom landing page IP can be returned to users from cities such as Istanbul or Ankara. The city rule provides precise DNS-level routing for marketing and local service delivery scenarios.
Geographic DNS routing with EDNS Client Subnet, five-dimensional topology rules and offline GeoIP. Let's walk through a live setup on your own infrastructure.