(no title)

> can anyone weigh in on the costs/complexity of a public DNS resolver implementing geo-fencing

I was a small part of the original team that built OpenDNS. I also operate a less well known public resolver now.

DNS is extremely latency sensitive. You have basically a 20ms budget to work with, which includes the time the request and response traverse the internet. It is also extremely high volume, a large public service like Quad9 could easily see single digit millions of requests per second.

There is nothing that technically prevents you from doing geofencing. Cisco has the money to absorb the costs of the additional overhead - but I could not. My first stab at the problem would be to simply shut down my servers in France to try to get out of the legal jurisdiction. I don't know if that would be sufficient without paying for a lawyer.

Quad9 absolutely has a valid argument here and it pushes more of our public infrastructure into the centralized hands of a small number of players because people like me can't afford to just run free shit on the internet anymore.

There are multiple free and paid geoip databases, from $0 to $1000 a year, depending. Then an hour to write a script to add iptables rules from the database for the country of choice. (Example: https://gist.github.com/asheroto/934e056a302adda334077f0c85c...)

I don't know what is unique about Quad9 that they couldn't do this, but it's possible they have some technical limitation