I'm the founder of IPinfo, so I can definitely offer some details around this! There's not one single method we use, or a single data source, to produce our own geolocation database (or any of our other data sets, like IP to company, or IP to carrier). It's a mix of a bunch of different data sets, data processing techniques, and lessons learned doing this for a several years now!
Some data sources and techniques not often mentioned include:
Direct feeds from ISPs. Our service handles around 500 million API requests a day, and it used on many popular high profile websites. Therefore ISPs are incentivized to provide us with accurate up-to-date geolocation data so that their customers get a great experience on the web. We're working directly with more and more ISPs all the time.
GPS location data. It's possible to collect precise location information with GPS on mobile devices. You can pair that with the IP address and some network topology inference to work out the location for IP ranges given just a few measurements.
User submitted corrections. When we do get the location wrong (or it hasn't been updated after a change) we'll often quickly get feedback from users, and can manually fix the location, or tweak our algorithm to ensure it's correctly located on the next run of our data processing pipeline.
For our IP to company data set we actually scrape every single domain name every month, and cross reference the data we extract there with IP ownership information, rwhois records and more. We then also use the domain scraping data to show what domains are hosted on what IP addresses, and also in our IP type classifier, along with many other data sources, to determine the probability of an IP address being primarily used as a residential ISP, business, or hosting provider. We also analyze the link structure of those pages, and show some of this data on host.io.
5Wow, I would never think that there is a triangulation based on RTT. Interesting. So if some server would like to avoid being geolocated it could introduce random lag in ICMP responses. – Learner – 2018-10-27T12:13:48.267
I would like to add that it might be helpful to look at tracert/traceroute, as wrote on iplocation.net: "You may use 'traceroute' command to find clues to the location of the IP address. The names of the routers through which packets flow from your host to the destination host might hint at the geographical path of the final location." – Learner – 2018-10-28T09:48:10.487
1@Learner that's a nice addition, however, that is already in my answer in the form of "tracking reverse DNS queries". Although traceroute doesn't really do that, it shows you all the domains/addresses through which a query travels. I'll add a note to make it more clear nonetheless :) – Fanatique – 2018-10-30T13:50:25.723