prevent geo tagging on DNS requests

windows domain-name-system

Solution 1:

Yeah, set the egress point back to their local offices instead of centralizing it.

Otherwise, not really. Geolocation isn't embedded into DNS requests, or "tagged," as such. Google (for example) gets a request from a client, looks up the originating IP and then matches that up against a geo-ip database to determine what country that client is in, and redirects it appropriately. As that process is entirely out of your control, on systems you don't own, you can't really do anything about it, short of making sure the originating IP of your clients is actually located where they are.

You could maybe use Group Policy or proxy settings to manage groups of users so that the German ones go to google.de and the Spanish ones go to google.es, and so on, by basically forcibly re-redirecting them or explicitly directing to google.de instead of google.com, but you'd have to do that for every domain that does geographically-based redirects or checks, which would probably be a rather large pain in the ass. Certainly seems better to me to just let traffic exit from each office location than forcing it to exit from a central one.

Related

packets routed by the switch or router?
Can the dns' domain be in its own spf record?
Why does strace open, read 512 bytes, and THEN fstat libncurses?
Why would adding a datafile cause a deadlock in Oracle?
Risks of Network Partitioning When a Split Brain Creates a Security Flaw
Do I need an MX record for email forwarding?
How to add a tag to an autoscale spun EC2 instance using boto?
Redis Master and Slave usage
Can our firewall detect traffic sniffing inside the network?
Samba share accessible via IP address, but not via hostname
How to test validity of an environment variable with bash checking if it exists and is is true?
How can I start a program from a login batch script if the Command Prompt is disabled?