We use AWS Route 53 to geo-locate our VPN traffic between 3 sites; unfortunately, it looks as though 1.1.1.1 only seems to cache the US records.
Is there a way we can ensure the user receives the most relevant result?
This might not be working since 1.1.1.1 does not forward the EDNS Client Subnet, as it has been shown to be used to track internet users. It's generally recommended to instead use an anycast IP address/CDN like CloudFront, as these automatically route users to the closest datacenter.
This information leaks information about a requester's IP and, in turn, sacrifices the privacy of users. This is especially problematic as we work to encrypt more DNS traffic, since the request from Resolver to Authoritative DNS is typically unencrypted. We're aware of real-world examples where nation-state actors have monitored EDNS subnet information to track individuals, which was part of the motivation for the privacy and security policies of 1.1.1.1.
Here’s the glossary on anycast: https://www.cloudflare.com/learning/cdn/glossary/anycast-network/
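As an added illustration (not code from the thread or from Cloudflare), here is a small pure-Python tool that shows exactly what an EDNS Client Subnet option carries and lets you check whether a resolver honours one: it builds a query with an ECS option, parses the option back out of any DNS message, and can send the query to a resolver over UDP to see whether ECS is echoed in the reply. The resolver IP, the name `vpn.example.com` and the subnet `203.0.113.0/24` are placeholders you would substitute.

```python
import ipaddress
import socket
import struct
ECS_CODE, OPT_TYPE = 8, 41  # EDNS Client Subnet option (RFC 7871) and the OPT pseudo-RR (RFC 6891)

def build_ecs_option(subnet):
    """Encode one ECS option: address family, source prefix length, scope 0, truncated address."""
    net = ipaddress.ip_network(subnet, strict=False)
    data = struct.pack("!HBB", 1 if net.version == 4 else 2, net.prefixlen, 0)
    data += net.network_address.packed[:(net.prefixlen + 7) // 8]  # only the prefix bits go on the wire
    return struct.pack("!HH", ECS_CODE, len(data)) + data

def build_query(name, ecs_subnet=None, qtype=1, txid=0x1234):
    """Wire-format query (RD set) with an OPT RR that carries an ECS option when ecs_subnet is given."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 1)  # 1 question, 1 additional (OPT)
    qname = b"".join(bytes([len(x)]) + x.encode() for x in name.rstrip(".").split(".")) + b"\x00"
    rdata = build_ecs_option(ecs_subnet) if ecs_subnet else b""
    opt = b"\x00" + struct.pack("!HHIH", OPT_TYPE, 4096, 0, len(rdata)) + rdata  # root name, 4096 byte UDP size
    return header + qname + struct.pack("!HH", qtype, 1) + opt

def _skip_name(pkt, pos):
    while pkt[pos] != 0 and pkt[pos] & 0xC0 != 0xC0:  # walk uncompressed labels
        pos += 1 + pkt[pos]
    return pos + (2 if pkt[pos] else 1)  # 2-byte compression pointer or the 1-byte root label

def parse_ecs(pkt):
    """Return (family, source_prefix, scope_prefix, address) from the ECS option, or None if absent."""
    (qd, an, ns, ar), pos = struct.unpack("!HHHH", pkt[4:12]), 12
    for _ in range(qd):
        pos = _skip_name(pkt, pos) + 4  # QTYPE + QCLASS
    for _ in range(an + ns + ar):
        pos = _skip_name(pkt, pos)
        rtype, _, _, rdlen = struct.unpack("!HHIH", pkt[pos:pos + 10])
        pos, end = pos + 10, pos + 10 + rdlen
        while rtype == OPT_TYPE and pos + 4 <= end:  # walk the OPT RR's option list
            code, olen = struct.unpack("!HH", pkt[pos:pos + 4])
            if code == ECS_CODE:
                family, src, scope = struct.unpack("!HBB", pkt[pos + 4:pos + 8])
                raw = pkt[pos + 8:pos + 4 + olen].ljust(4 if family == 1 else 16, b"\x00")
                return family, src, scope, str(ipaddress.ip_address(raw))
            pos += 4 + olen
        pos = end
    return None

def query_resolver(resolver_ip, name, ecs_subnet, timeout=3.0):
    """Send the query over UDP/53; a resolver that honours client ECS echoes an ECS option (with scope) back."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name, ecs_subnet), (resolver_ip, 53))
        return parse_ecs(s.recvfrom(4096)[0])
```

This only observes the stub-to-resolver leg: a resolver that returns no ECS option (as the answer above says 1.1.1.1 does) is giving Route 53 no subnet to geo-locate on, but whether a resolver that does echo ECS also forwards it to the authoritative server cannot be seen from the client side.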