
DNS ECS Support in 2025: Which Providers Deliver?

💡 A comprehensive benchmark of major DNS providers reveals stark differences in EDNS Client Subnet support, directly impacting CDN performance worldwide.

Major DNS Providers Show Wildly Different ECS Performance in New Benchmark

A detailed May 2025 benchmark report comparing EDNS Client Subnet (ECS) support across major public DNS providers reveals significant disparities in how well these services optimize content delivery for global users. The findings carry critical implications for developers, network engineers, and businesses relying on CDN performance — showing that your choice of DNS resolver can mean the difference between users hitting a local server or being routed halfway around the world.

The report, conducted using DNS-over-HTTPS (DoH) binary POST requests to bypass local DNS interception, tested ECS behavior across 4 geographic regions and 6 major domains including Amazon, YouTube, Netflix, and GitHub.

Key Takeaways at a Glance

  • ECS (RFC 7871) allows DNS resolvers to pass client subnet information to authoritative servers, enabling CDN-optimized responses
  • Testing used /24 IPv4 subnet precision across Japan, China, the US, and Brazil
  • Not all DNS providers forward ECS data equally — some strip it entirely
  • Without ECS, users in Shanghai querying Google DNS (8.8.8.8) may receive US-based CDN nodes instead of local ones
  • The performance gap between ECS-enabled and ECS-disabled queries can result in 100ms+ latency differences
  • Major platforms like YouTube, Netflix, and Amazon all leverage ECS data when available

What Is ECS and Why Should You Care?

EDNS Client Subnet, defined in RFC 7871, is an extension to the DNS protocol that allows recursive DNS resolvers to include a truncated version of the client's IP address when querying upstream authoritative DNS servers. This seemingly small piece of metadata has enormous consequences for internet performance.

Here's the problem it solves: when a user in Shanghai sends a DNS query to Google Public DNS at 8.8.8.8, the authoritative DNS server for a CDN like YouTube sees the query originating from Google's infrastructure in the United States — not from China. Without location context, the CDN returns IP addresses for US-based servers, forcing the Shanghai user to connect across the Pacific Ocean.

With ECS enabled, the resolver attaches an ECS option carrying something like '223.5.5.5/24' to the query (RFC 7871 requires the address bits beyond the stated prefix length to be zeroed, so only the first 24 bits, 223.5.5.0, actually travel in the option), telling the CDN's authoritative server: 'This user is actually in China.' The CDN can then return an IP address for a nearby edge server, potentially cutting latency by hundreds of milliseconds.

This matters enormously for streaming services, e-commerce platforms, and any latency-sensitive application. For businesses operating globally, incorrect DNS-based routing can degrade user experience, increase buffering times, and even affect conversion rates.

How the Benchmark Was Conducted

The May 2025 benchmark employed a rigorous testing methodology designed to eliminate variables and produce reproducible results. All queries were sent via DoH binary POST — a method that bypasses local DNS interception, ISP-level DNS hijacking, and transparent proxy interference.

The test parameters included:

  • ECS Subnet Precision: /24 for IPv4, providing city-level geographic granularity
  • Test Regions: Japan (210.130.1.1/24), China (223.5.5.5/24), United States (142.250.80.14/24), Brazil (177.55.1.1/24), and a control with no ECS
  • Test Domains: Amazon, GitHub, Netflix, YouTube, Twitch, and Apple
  • Protocol: DNS-over-HTTPS, so the queries between the test client and the resolver are encrypted and cannot be read or altered in transit

By testing from 4 geographically diverse subnets plus a no-ECS baseline, the benchmark reveals exactly how each DNS provider handles — or fails to handle — geographic optimization. The choice of test domains is equally strategic: these 6 platforms all operate massive CDN infrastructures that actively consume ECS data to optimize routing.

The Critical Difference: ECS-Enabled vs. ECS-Stripped

The benchmark's most striking finding is the stark contrast between DNS providers that faithfully forward ECS information and those that strip it for privacy or policy reasons. When ECS data is forwarded, CDNs can make intelligent routing decisions. When it is stripped, users effectively lose geographic optimization.

Consider a practical example from the test data. A user in Brazil querying for Netflix's CDN endpoints through an ECS-supporting resolver receives IP addresses pointing to São Paulo-based edge servers. The same query through a resolver that strips ECS returns US East Coast servers — adding potentially 150-200ms of round-trip latency to every single request.

For video streaming, this latency difference translates directly into longer buffer times, lower initial video quality, and degraded adaptive bitrate performance. For e-commerce platforms like Amazon, it can mean slower page loads and measurably lower conversion rates.

The no-ECS control test in the benchmark serves as a powerful illustration. Without any subnet information, CDN authoritative servers default to routing based on the resolver's own IP address — which for major public DNS providers like Google or Cloudflare, typically means US-based infrastructure.

Provider-by-Provider Performance Landscape

While the full benchmark data covers numerous DNS providers, several key patterns emerge from the 2025 results that developers and network engineers should understand.

Google Public DNS (8.8.8.8) has historically been one of the strongest ECS supporters, and the May 2025 tests confirm it continues to forward /24 subnet data reliably across all tested regions. YouTube and Google-owned properties naturally benefit, but third-party CDNs like Netflix and Amazon also receive accurate geographic signals.

Cloudflare DNS (1.1.1.1) takes a more privacy-conscious approach. Cloudflare has traditionally been cautious about ECS, often forwarding minimal or no subnet information to protect user privacy. This creates a direct trade-off: enhanced privacy versus potentially suboptimal CDN routing for users in regions far from Cloudflare's resolver infrastructure.

Quad9 (9.9.9.9) similarly prioritizes security and privacy, with limited ECS forwarding. Users choosing Quad9 for its malware-blocking capabilities should understand the potential CDN performance implications.

The trade-off between privacy and performance remains one of the most consequential decisions in DNS provider selection:

  • Full ECS support: Better CDN routing, faster content delivery, but exposes approximate user location to authoritative servers
  • Partial ECS support: Compromise approach, forwarding less precise subnet data
  • No ECS support: Maximum privacy, but CDN routing based solely on resolver location
  • Anonymized ECS: Some providers experiment with forwarding resolver-local subnet data as a middle ground

Impact on Major Platforms and CDNs

The 6 test domains were chosen because they represent different CDN architectures and ECS consumption patterns. Understanding how each platform responds to ECS data helps explain real-world performance differences.

Netflix operates one of the world's largest CDN networks through its Open Connect program, with embedded caches in ISP networks globally. Netflix's authoritative DNS heavily leverages ECS data to direct users to the nearest Open Connect appliance. Without ECS, users may bypass local caches entirely.

YouTube benefits directly from Google's infrastructure integration. When ECS data indicates a user in Japan, YouTube's DNS returns Tokyo-region edge server IPs. Without ECS, the response defaults to whatever Google's resolver infrastructure suggests — often US-based.

Amazon uses its CloudFront CDN extensively, and CloudFront's Route 53 authoritative DNS consumes ECS data for latency-based routing. E-commerce page load times are directly affected.

Apple, GitHub, and Twitch each show varying degrees of ECS sensitivity in the benchmark, with Apple's CDN showing particularly strong geographic optimization when ECS data is available.

What This Means for Developers and Businesses

For engineering teams managing global applications, the DNS ECS benchmark highlights several actionable considerations. First, DNS provider selection is not just about uptime and query speed — it fundamentally affects how CDNs route traffic to your users.

Teams should consider these practical steps:

  • Audit your current DNS provider's ECS behavior using DoH test queries with explicit subnet parameters
  • Monitor CDN routing quality by comparing resolved IP addresses across different DNS providers
  • Consider split DNS strategies where performance-critical domains use ECS-supporting resolvers
  • Evaluate the privacy trade-off explicitly — document why your organization chooses a particular ECS posture
  • Test from your actual user geographies rather than assuming uniform performance
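The option format described under "What Is ECS" and the audit step above, as an added example that is not part of the benchmark or the original post: it encodes an RFC 7871 ECS option, wraps it in a binary DNS query, POSTs it to a DoH endpoint the way the benchmark did, and reads back the SCOPE PREFIX-LENGTH from the reply, which is the signal that the resolver forwarded the subnet and the authoritative server used it. Only the Python standard library is used; the DoH URL and the name 'example.com' are placeholders, the sample reply at the bottom is constructed so the parser can be exercised offline, and the encoder also accepts IPv6 and non-octet-aligned prefixes, which the benchmark did not test.

```python
import socket, struct, urllib.request

def ecs_option(subnet):  # RFC 7871 option for '223.5.5.5/24' (IPv4) or '2001:db8::/56' (IPv6)
    addr, plen = subnet.split("/"); plen = int(plen)
    family, packed = (2, socket.inet_pton(socket.AF_INET6, addr)) if ":" in addr else (1, socket.inet_aton(addr))
    raw = bytearray(packed[:(plen + 7) // 8])                  # only SOURCE PREFIX-LENGTH bits are sent
    if plen % 8:
        raw[-1] &= (0xFF << (8 - plen % 8)) & 0xFF             # bits past the prefix must be zero (RFC 7871 s.6)
    data = struct.pack("!HBB", family, plen, 0) + bytes(raw)   # FAMILY, SOURCE PREFIX-LENGTH, SCOPE (0 in a query)
    return struct.pack("!HH", 8, len(data)) + data             # OPTION-CODE 8, OPTION-LENGTH, OPTION-DATA

def build_query(name, subnet=None, qid=0):  # wire-format A query; ECS attached only when a subnet is given
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 1)   # RD set, 1 question, 1 additional (OPT)
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.rstrip(".").split(".")) + b"\x00"
    rdata = ecs_option(subnet) if subnet else b""
    opt = b"\x00" + struct.pack("!HHIH", 41, 4096, 0, len(rdata)) + rdata   # root name, TYPE OPT, UDP 4096
    return header + qname + struct.pack("!HH", 1, 1) + opt     # QTYPE A, QCLASS IN

def _skip_name(msg, off):  # step over a (possibly compressed) domain name
    while msg[off] and not msg[off] & 0xC0:
        off += msg[off] + 1
    return off + (2 if msg[off] else 1)       # compression pointer is 2 bytes, root label is 1

def parse_response(msg):  # -> (list of A-record IPs, ECS SCOPE PREFIX-LENGTH or None if no ECS came back)
    qd, an, ns, ar = struct.unpack("!HHHH", msg[4:12]); off = 12
    for _ in range(qd): off = _skip_name(msg, off) + 4
    addrs, scope = [], None
    for _ in range(an + ns + ar):
        off = _skip_name(msg, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[off:off + 10]); off += 10
        rdata = msg[off:off + rdlen]; off += rdlen
        if rtype == 1: addrs.append(socket.inet_ntoa(rdata))
        elif rtype == 41:                      # walk the OPT options looking for code 8 (ECS)
            p = 0
            while p + 4 <= len(rdata):
                code, olen = struct.unpack("!HH", rdata[p:p + 4]); p += 4
                if code == 8 and olen >= 4: scope = rdata[p + 3]   # SCOPE PREFIX-LENGTH; 0 means subnet ignored
                p += olen
    return addrs, scope

def doh_query(url, name, subnet=None):  # RFC 8484 binary POST, e.g. url="https://dns.google/dns-query"
    hdrs = {"Content-Type": "application/dns-message", "Accept": "application/dns-message"}
    req = urllib.request.Request(url, data=build_query(name, subnet), headers=hdrs, method="POST")
    with urllib.request.urlopen(req, timeout=10) as resp:
        return parse_response(resp.read())

# Constructed sample reply (not captured from any resolver): one A record plus an OPT record whose ECS
# option echoes 223.5.5.0/24 with SCOPE 24, i.e. the authoritative server used the whole /24.
SAMPLE_RESPONSE = (struct.pack("!HHHHHH", 0, 0x8180, 1, 1, 0, 1) + b"\x07example\x03com\x00\x00\x01\x00\x01"
    + b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4) + bytes([192, 0, 2, 1])
    + b"\x00" + struct.pack("!HHIH", 41, 1232, 0, 11) + b"\x00\x08\x00\x07\x00\x01\x18\x18\xdf\x05\x05")
```

Calling doh_query against two resolvers for the same name, once with one of the benchmark's /24 subnets and once with subnet=None, reproduces the benchmark's comparison: different A records with a nonzero scope mean the subnet was honored, while identical answers and a scope of 0 or None mean it was stripped or ignored.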

For businesses with significant user bases in regions like Latin America, Southeast Asia, or Africa — where CDN edge server density is lower — the ECS question becomes even more critical. Incorrect routing in these regions can mean connecting to servers on entirely different continents.

Looking Ahead: The Future of DNS and Client Subnet Privacy

The tension between ECS-enabled performance optimization and user privacy continues to shape DNS infrastructure evolution. Several emerging trends will likely influence how this landscape develops through 2025 and beyond.

The IETF is actively discussing potential successors and modifications to RFC 7871 that could provide geographic optimization without exposing actual client subnet information. Proposals include resolver-based geographic tagging, where the resolver attaches a geographic label rather than an IP prefix.

Meanwhile, the rise of encrypted DNS protocols, DoH and DoT (DNS-over-TLS), adds another layer of complexity. These protocols protect the hop between the client and the resolver from interception, but they do not address the ECS metadata question: a resolver reached over DoH can still attach full /24 subnet information to the queries it forwards to the authoritative server, and that resolver-to-authoritative hop is usually plain DNS.

As more applications become latency-sensitive — from cloud gaming to real-time AI inference APIs — the importance of correct CDN routing will only increase. A 2025 study by Akamai estimated that every 100ms of added latency reduces conversion rates by approximately 7% for e-commerce sites.

The DNS ECS benchmark serves as an essential reference for anyone making infrastructure decisions in this space. Whether you prioritize raw performance, user privacy, or a balanced approach, understanding exactly how your DNS provider handles client subnet data is no longer optional — it is a fundamental infrastructure consideration that directly impacts user experience, application performance, and ultimately, business outcomes.